Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:07-02-2016
Executado por windows 8 (administrador) em WINDOWS8 (13-02-2016 17:32:18)
Executando a partir de C:\Users\windows 8\Desktop
Perfis Carregados: windows 8 (Perfis Disponíveis: windows 8)
Platform: Windows 8 Single Language (X64) Idioma: Português (Brasil)
Internet Explorer Versão 10 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\GrassSoft\Macro Expert\MacroService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\GrassSoft\Macro Expert\MacroServiceWnd.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
() C:\Users\windows 8\Microsoft\njwOq.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
(Microsoft Corporation) C:\Windows\SysWOW64\Taskmgr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(SEC) C:\Program Files\Samsung\Recovery\WCScheduler.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2014-05-05] (Banco Itaú Unibanco)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-24] (Atheros Communications)
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3829328 2014-05-15] (Tonec Inc.)
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-09] ()
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Run: [svchost.exe] => C:\Users\windows 8\AppData\Roaming\Default Folder\svchost.exe [32768 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\RunOnce: [Microsoft] => C:\Users\windows 8\Microsoft\njwOq.exe [1220283 2014-06-15] ()
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: E - "E:\.\StartModem.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {169868b6-af3b-11e4-becd-50b7c3cbde91} - "E:\.\StartModem.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {1f880442-bb8f-11e3-be99-50b7c3cbde91} - "E:\AutoRun.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {1f880448-bb8f-11e3-be99-50b7c3cbde91} - "E:\AutoRun.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {3b54d4f8-e2c0-11e4-bed5-50b7c3cbde91} - "E:\LGAutoRun.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {444793f0-18e8-11e4-beb3-50b7c3cbde91} - "E:\LG_PC_Programs.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {96a530ea-b697-11e3-be96-50b7c3cbde91} - "E:\AutoRun.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {b71865c5-d44f-11e3-be9b-50b7c3cbde91} - "G:\iLinker.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {bc69d044-e7ff-11e3-bea2-50b7c3cbde91} - "E:\AutoRun.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {bc69d049-e7ff-11e3-bea2-50b7c3cbde91} - "E:\AutoRun.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {be29265b-a46e-11e3-be8c-50b7c3cbde91} - "E:\AutoRun.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {be2926a6-a46e-11e3-be8c-50b7c3cbde91} - "E:\AutoRun.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {be29284b-a46e-11e3-be8c-50b7c3cbde91} - "E:\AutoRun.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {dd39f776-6c41-11e4-bec0-50b7c3cbde91} - "F:\AutoRun.exe"
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {dd39f783-6c41-11e4-bec0-50b7c3cbde91} - "F:\AutoRun.exe"
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1586744 2014-05-05] (Banco Itaú Unibanco)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1945472 2015-11-04] (Banco do Brasil)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\windows 8\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\windows 8\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\windows 8\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\windows 8\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\windows 8\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\windows 8\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\windows 8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-18]
ShortcutTarget: MEGAsync.lnk -> C:\Users\windows 8\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{20F5812D-E470-4D7C-AE3E-2D756886BC97}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B632944F-1FB3-4ECA-920F-C6E185E512C5}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{B632944F-1FB3-4ECA-920F-C6E185E512C5}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-04-02] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-09-13] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-09-13] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-04-02] (Internet Download Manager, Tonec Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-25] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2014-05-05] (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-25] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\windows 8\AppData\Roaming\Mozilla\Firefox\Profiles\vww4vy0s.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2016-01-19] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon
FF HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\windows 8\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\windows 8\AppData\Roaming\IDM\idmmzcc5 [2016-02-03] [não assinado]
FF HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\windows 8\AppData\Local\GAS Tecnologia\GBBD\cef\xpi => não encontrado (a)
FF HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\windows 8\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR dev: Chrome dev build detectado! <======= ATENÇÃO
CHR HomePage: Default -> search.mpc.am
CHR StartupUrls: Default -> "search.mpc.am"
CHR DefaultSearchURL: Default -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
CHR DefaultSearchKeyword: Default -> mpc safe search
CHR Profile: C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-02]
CHR Extension: (Google Docs) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-02]
CHR Extension: (Google Drive) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-02]
CHR Extension: (YouTube) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-02]
CHR Extension: (Google Search) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
CHR Extension: (Planilhas do Google) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-02]
CHR Extension: (Unifinder New Tab) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggpcleoagckefcmekcbgdhhmcfcdofhj [2016-02-02]
CHR Extension: (Documentos Google off-line) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-02]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-02]
CHR Extension: (Gmail) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-02]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-01-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-01-19]
CHR HKLM-x32\...\Chrome\Extension: [ggpcleoagckefcmekcbgdhhmcfcdofhj] - C:\Users\windows 8\AppData\Local\adStartPage\unifinder.crx [2014-04-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-05-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S4 AcuWVSSchedulerv8; C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe [1009840 2012-07-04] ()
S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros Commnucations) [Arquivo não assinado]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-02-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-02-13] (BlueStack Systems, Inc.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-01-31] (Samsung Electronics CO., LTD.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-11-04] (GAS Tecnologia)
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Arquivo não assinado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 Macro Expert; c:\program files (x86)\grasssoft\macro expert\MacroService.exe [413184 2015-02-26] () [Arquivo não assinado]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
S4 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado]
S4 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2921520 2013-04-09] (Samsung Electronics CO., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S4 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [Arquivo não assinado]
S4 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [Arquivo não assinado]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros) [Arquivo não assinado]
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20150921.003\BHDrvx64.sys [1650936 2015-09-23] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-02-13] (BlueStack Systems)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222952 2013-01-24] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-12] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-02] ()
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-02-13] (GAS Tecnologia)
R1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-09-22] (GAS Tecnologia)
S0 gbpddreg; C:\Windows\SysWOW64\drivers\gbpddreg64.sys [29816 2015-09-22] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-22] (GAS Tecnologia)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20150930.101\IDSVia64.sys [767224 2015-09-23] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160118.004\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160118.004\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [242688 2013-04-24] (QUALCOMM Incorporated)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 SymEFASI; C:\Windows\system32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1605050.00F\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-01-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-22] (GAS Tecnologia LTDA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35232 2013-01-28] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [230904 2013-01-28] (Microsoft Corporation)
S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2012-12-26] (MediaTek Inc.)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-02-13] (GAS Tecnologia)
R1 wsddpp; C:\windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 BprotectEx; \??\C:\windows\System32\drivers\BprotectEx.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [X]
S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X]
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [X]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-13 17:32 - 2016-02-13 17:33 - 00028789 _____ C:\Users\windows 8\Desktop\FRST.txt
2016-02-13 17:32 - 2016-02-13 17:26 - 02370560 _____ (Farbar) C:\Users\windows 8\Desktop\FRST64.exe
2016-02-13 17:29 - 2016-02-13 17:32 - 00000000 ____D C:\FRST
2016-02-13 17:19 - 2016-02-13 17:19 - 00000000 ___RD C:\Users\windows 8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-02-13 17:17 - 2016-02-13 17:17 - 00287248 _____ C:\windows\Minidump\021316-41296-01.dmp
2016-02-13 14:40 - 2016-02-13 14:40 - 00285792 _____ C:\windows\Minidump\021316-35437-01.dmp
2016-02-13 14:34 - 2016-02-13 14:34 - 00285792 _____ C:\windows\Minidump\021316-29578-01.dmp
2016-02-13 14:15 - 2016-02-13 14:15 - 00285792 _____ C:\windows\Minidump\021316-43515-01.dmp
2016-02-13 13:10 - 2016-02-13 14:18 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-13 12:38 - 2016-02-13 12:40 - 13704314 _____ C:\Users\windows 8\Downloads\Apresentação_CredLance (4).ppsx
2016-02-13 12:24 - 2016-02-13 12:24 - 00003102 _____ C:\windows\System32\Tasks\{9AF5C6E6-6C20-4DEC-847E-07AD6076B80C}
2016-02-12 21:17 - 2016-02-12 21:17 - 00002922 _____ C:\windows\System32\Tasks\osTip
2016-02-12 21:17 - 2016-02-12 21:17 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-02-12 20:46 - 2016-02-12 20:46 - 00002034 _____ C:\Users\windows 8\Downloads\config.inc.php
2016-02-12 19:00 - 2016-02-12 19:00 - 00318016 _____ C:\Users\windows 8\Downloads\credlanc_site (22).sql
2016-02-11 21:17 - 2016-02-11 21:17 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\gplyra
2016-02-11 15:01 - 2016-02-11 15:01 - 00001338 _____ C:\Users\windows 8\Desktop\Limpeza Grátis de Registros!.lnk
2016-02-10 21:25 - 2016-02-10 21:25 - 00001190 _____ C:\Users\windows 8\Desktop\Continue Last version Installation.lnk
2016-02-10 21:21 - 2016-02-13 12:26 - 00000000 ____D C:\ProgramData\baidu
2016-02-10 21:20 - 2016-02-13 14:14 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-02-10 21:18 - 2016-02-10 21:18 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-02-07 20:49 - 2016-02-07 20:49 - 00000000 ____D C:\Default Folder
2016-02-07 16:09 - 2016-02-07 16:09 - 00000043 _____ C:\Users\windows 8\Desktop\raspadinha.txt
2016-02-05 00:00 - 2016-02-05 00:00 - 00287248 _____ C:\windows\Minidump\020516-30953-01.dmp
2016-02-04 11:38 - 2016-02-04 11:38 - 00002051 _____ C:\Users\windows 8\Downloads\transacoes_tipo.sql
2016-02-04 11:36 - 2016-02-04 11:36 - 00002051 _____ C:\Users\windows 8\Downloads\transacoes_tipo.sql.crdownload
2016-02-03 14:36 - 2016-02-13 14:06 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\systweak
2016-02-03 10:52 - 2016-02-03 10:52 - 00117558 _____ C:\Users\windows 8\Downloads\0022-16 Novo - PRR - Quem leva Intermediações e Agenciamento Via Internet Ltda - Me - Thiago Sá - C (1).pdf
2016-02-03 10:52 - 2016-02-03 10:52 - 00023245 _____ C:\Users\windows 8\Downloads\CLIENTES QUEMLEVA.xlsx
2016-02-02 17:29 - 2016-02-02 17:29 - 00000000 _____ C:\autoexec.bat
2016-02-02 17:19 - 2016-02-02 17:36 - 00000000 ____D C:\ProgramData\Ultra Adware Killer
2016-02-02 17:19 - 2016-02-02 17:19 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2016-02-01 23:02 - 2016-02-01 23:02 - 00285792 _____ C:\windows\Minidump\020116-24171-01.dmp
2016-02-01 20:16 - 2016-02-01 20:17 - 00000000 ____D C:\Users\windows 8\Desktop\Adf.ly autoviewer
2016-02-01 00:39 - 2016-02-01 00:39 - 00285792 _____ C:\windows\Minidump\020116-24468-01.dmp
2016-01-31 23:34 - 2016-02-13 14:05 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2016-01-31 23:12 - 2016-02-13 14:14 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\NubolUjaupc
2016-01-31 23:12 - 2016-01-31 23:12 - 00000000 ____D C:\Users\windows 8\AppData\Local\Tempfolder
2016-01-31 23:10 - 2016-02-13 14:06 - 00000000 ____D C:\Users\windows 8\AppData\LocalLow\Company
2016-01-31 23:09 - 2016-01-31 23:19 - 00000008 _____ C:\END
2016-01-31 23:05 - 2016-01-31 23:25 - 00000000 ____D C:\Users\windows 8\AppData\Local\Chromium
2016-01-31 22:58 - 2016-01-31 22:55 - 00001575 _____ C:\windows\system32\Drivers\etc\hp.bak
2016-01-31 22:46 - 2016-01-31 22:47 - 03840000 _____ C:\Users\windows 8\Downloads\bot_pokerstars_download.iso
2016-01-31 22:23 - 2016-02-13 17:19 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Imminent
2016-01-31 22:23 - 2016-02-13 14:28 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Default Folder
2016-01-31 22:23 - 2016-01-31 22:23 - 00000000 ___SH C:\Users\windows 8\xHlbGKVr.txt
2016-01-31 22:23 - 2014-06-15 20:25 - 01220283 _____ C:\njwOq.exe
2016-01-31 00:34 - 2016-01-31 00:34 - 00028724 _____ C:\Users\windows 8\Downloads\index1 (3).htm
2016-01-31 00:34 - 2016-01-31 00:34 - 00028724 _____ C:\Users\windows 8\Downloads\index1 (2).htm
2016-01-30 23:47 - 2016-01-30 23:47 - 00013258 _____ C:\Users\windows 8\Downloads\download (13).htm
2016-01-30 22:56 - 2016-01-30 22:56 - 00031196 _____ C:\Users\windows 8\Downloads\form-history-filters.htm
2016-01-30 22:56 - 2016-01-30 22:56 - 00024019 _____ C:\Users\windows 8\Downloads\index (3).htm
2016-01-30 10:42 - 2016-01-30 10:43 - 00004675 _____ C:\Users\windows 8\Downloads\membros_temp (1).sql
2016-01-28 20:58 - 2016-01-31 13:16 - 00000000 ____D C:\Users\windows 8\Documents\Conference
2016-01-28 20:58 - 2016-01-28 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conference Recording Service
2016-01-28 20:58 - 2016-01-28 20:58 - 00000000 ____D C:\Program Files (x86)\Conference Recording Service
2016-01-28 20:58 - 2011-05-26 11:15 - 04191424 _____ C:\windows\ConferenceRS.exe
2016-01-28 20:58 - 2011-05-26 11:15 - 00028704 _____ C:\windows\Hook.dll
2016-01-28 20:21 - 2016-01-28 20:21 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\(5C-51-88-CB-92-F5)
2016-01-28 11:30 - 2016-02-05 16:05 - 00000880 _____ C:\Users\windows 8\Desktop\HTTrack Website Copier.lnk
2016-01-28 11:30 - 2016-01-28 11:30 - 00000000 ____D C:\Program Files\WinHTTrack
2016-01-27 16:11 - 2016-01-27 16:11 - 00208864 _____ C:\Users\windows 8\Downloads\credlanc_site (21).sql
2016-01-27 11:38 - 2016-01-27 11:38 - 00207026 _____ C:\Users\windows 8\Downloads\credlanc_site (20).sql
2016-01-26 16:10 - 2016-01-26 16:10 - 00389006 _____ C:\Users\windows 8\Downloads\1.3.5.pdf
2016-01-26 13:43 - 2016-01-26 13:45 - 60179442 _____ C:\Users\windows 8\Downloads\Apresentação WBM do Brasil.mp4
2016-01-26 13:09 - 2016-01-26 13:09 - 00172605 _____ C:\Users\windows 8\Downloads\PLANO DE NEGÓCIO - FRANQUIA HOME.xlsx
2016-01-25 22:28 - 2016-01-25 22:32 - 14100240 _____ (LogMeIn, Inc.) C:\Users\windows 8\Downloads\join.me.exe
2016-01-25 22:16 - 2016-01-25 22:19 - 15650019 _____ C:\Users\windows 8\Downloads\Apresentação_CredLance (3).ppsx
2016-01-25 21:35 - 2016-01-26 18:09 - 00000000 ____D C:\Users\windows 8\Desktop\Nova pasta
2016-01-25 20:58 - 2016-01-25 20:58 - 00252051 _____ C:\Users\windows 8\Downloads\Proposta.rar
2016-01-25 20:20 - 2016-01-25 20:22 - 15628821 _____ C:\Users\windows 8\Downloads\Apresentação_CredLance (2).ppsx
2016-01-25 19:55 - 2016-01-25 19:55 - 00012302 _____ C:\Users\windows 8\Downloads\a5f3faec3b966eade381d00a6bbfdcc0.jpeg
2016-01-25 18:48 - 2016-01-25 18:48 - 00022736 _____ C:\Users\windows 8\Downloads\produto_nuvem.sql
2016-01-25 16:19 - 2016-01-25 16:19 - 00192287 _____ C:\Users\windows 8\Downloads\credlanc (1).sql
2016-01-25 16:19 - 2016-01-25 16:19 - 00181642 _____ C:\Users\windows 8\Downloads\credlanc_site (19).sql
2016-01-25 15:48 - 2016-01-25 15:48 - 00191990 _____ C:\Users\windows 8\Downloads\credlanc.sql
2016-01-25 12:14 - 2016-01-25 12:14 - 00180778 _____ C:\Users\windows 8\Downloads\credlanc_site (18).sql
2016-01-25 11:44 - 2016-01-25 11:44 - 00179610 _____ C:\Users\windows 8\Downloads\credlanc_site (17).sql
2016-01-24 14:41 - 2016-01-24 14:45 - 15597014 _____ C:\Users\windows 8\Downloads\Apresentação_CredLance (1).ppsx
2016-01-23 11:43 - 2016-01-23 11:43 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\MPC-HC
2016-01-23 11:41 - 2016-01-23 11:41 - 00001081 _____ C:\Users\windows 8\Desktop\MPC-HC.lnk
2016-01-22 19:38 - 2016-01-22 19:38 - 00172444 _____ C:\Users\windows 8\Downloads\credlanc_site (16).sql
2016-01-22 17:01 - 2016-01-22 17:01 - 00117558 _____ C:\Users\windows 8\Downloads\0022-16 Novo - PRR - Quem leva Intermediações e Agenciamento Via Internet Ltda - Me - Thiago Sá - C.pdf
2016-01-22 16:49 - 2016-01-22 16:51 - 08274282 _____ C:\Users\windows 8\Downloads\Nova Apresentação.rar
2016-01-22 16:20 - 2016-01-23 13:18 - 00000000 ____D C:\Users\windows 8\Desktop\joao filho de raul
2016-01-20 12:22 - 2016-01-20 12:22 - 00029247 _____ C:\Users\windows 8\Downloads\funcoes.inc (1).php
2016-01-19 21:08 - 2016-01-19 21:08 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
2016-01-19 21:03 - 2016-01-19 21:03 - 00003234 _____ C:\windows\System32\Tasks\Norton WSC Integration
2016-01-19 19:34 - 2016-01-19 19:34 - 16695176 _____ C:\Users\windows 8\Downloads\Apresentação_CredLance.ppsx
2016-01-19 18:58 - 2016-01-19 18:58 - 00152981 _____ C:\Users\windows 8\Downloads\credlanc_site (15).sql
2016-01-19 10:33 - 2016-01-19 21:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-01-18 22:10 - 2016-02-13 14:18 - 00002413 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2016-01-18 20:03 - 2016-01-18 20:03 - 00000000 ____D C:\Users\windows 8\Desktop\drivers do pc
2016-01-18 18:41 - 2016-01-18 18:41 - 00069798 _____ C:\Users\windows 8\Desktop\7171601820667010.pdf
2016-01-18 16:55 - 2016-01-18 17:46 - 00000000 ____D C:\Users\windows 8\Documents\MEGAsync Downloads
2016-01-18 16:55 - 2016-01-18 16:55 - 00000000 ____D C:\Users\windows 8\AppData\Local\Mega Limited
2016-01-18 16:55 - 1969-12-31 22:00 - 729319424 _____ C:\Users\windows 8\Downloads\Windows XP BT Professional SP3 X86BITS 2015.iso
2016-01-18 16:52 - 2016-01-19 23:57 - 00000000 ____D C:\Users\windows 8\AppData\Local\MEGAsync
2016-01-18 16:52 - 2016-01-18 16:52 - 00001064 _____ C:\Users\windows 8\Desktop\MEGAsync.lnk
2016-01-18 16:52 - 2016-01-18 16:52 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-01-18 16:49 - 2016-01-18 16:50 - 10152576 _____ (MEGA Limited) C:\Users\windows 8\Downloads\MEGAsyncSetup.exe
2016-01-18 16:03 - 2016-01-18 16:03 - 01130137 _____ C:\Users\windows 8\Downloads\Windows XP PROFESSIONAL SP3 Jan 2015 SATA Drivers TechTools .cab
2016-01-18 14:54 - 2016-01-18 14:54 - 00000000 ____D C:\Bot ADDMEFAST
2016-01-18 14:54 - 2015-09-22 19:12 - 00121004 _____ C:\Bot ADDMEFAST.rar
2016-01-18 12:44 - 2016-01-18 13:22 - 383156224 _____ C:\Users\windows 8\Downloads\xpsp3_5512.080413-2113_br_x86fre_spcd.iso
2016-01-17 20:59 - 2016-01-17 20:59 - 00144402 _____ C:\Users\windows 8\Downloads\credlanc_site (14).sql
2016-01-16 18:50 - 2016-01-16 18:51 - 04704230 _____ C:\Users\windows 8\Downloads\WBM do Brasil.mp4
2016-01-14 18:29 - 2016-01-14 18:29 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-13 17:28 - 2015-07-31 09:33 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-02-13 17:27 - 2014-03-03 14:40 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\DMCache
2016-02-13 17:20 - 2015-08-23 23:08 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-13 17:19 - 2014-02-28 18:15 - 00000000 ____D C:\Users\windows 8\AppData\Local\CrashDumps
2016-02-13 17:19 - 2014-02-28 01:11 - 00001090 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-13 17:18 - 2016-01-02 17:35 - 00028888 _____ (GAS Tecnologia) C:\windows\system32\Drivers\gbpddfac64.sys
2016-02-13 17:18 - 2016-01-02 17:19 - 00101080 _____ (GAS Tecnologia) C:\windows\system32\Drivers\wsddfac.sys
2016-02-13 17:18 - 2014-09-19 00:47 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-02-13 17:18 - 2014-05-30 17:21 - 00065536 _____ C:\windows\system32\Ikeext.etl
2016-02-13 17:18 - 2012-07-26 05:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-13 17:17 - 2014-08-30 20:48 - 00000000 ____D C:\windows\Minidump
2016-02-13 17:17 - 2014-08-30 20:47 - 663222650 _____ C:\windows\MEMORY.DMP
2016-02-13 17:08 - 2014-06-16 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-13 17:03 - 2014-02-28 01:11 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-13 17:01 - 2013-05-16 04:09 - 00000000 ____D C:\ProgramData\WinClon
2016-02-13 16:56 - 2012-07-26 06:12 - 00000000 ____D C:\windows\tracing
2016-02-13 16:08 - 2014-05-01 14:40 - 00000000 ____D C:\Users\windows 8\AppData\Local\PokerStars
2016-02-13 16:05 - 2014-05-01 14:39 - 00000000 ____D C:\Program Files (x86)\PokerStars
2016-02-13 14:34 - 2014-02-10 02:53 - 00000000 ____D C:\Users\windows 8
2016-02-13 14:28 - 2014-03-03 23:55 - 16596992 ___SH C:\Users\windows 8\Desktop\Thumbs.db
2016-02-13 14:25 - 2012-07-26 03:26 - 00524288 ___SH C:\windows\system32\config\BBI
2016-02-13 14:18 - 2015-12-18 23:45 - 00001941 _____ C:\Users\Public\Desktop\PokerStars.lnk
2016-02-13 14:18 - 2015-12-10 23:22 - 00001890 _____ C:\Users\Public\Desktop\Apps.lnk
2016-02-13 14:18 - 2015-12-10 23:22 - 00001801 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2016-02-13 14:18 - 2015-11-03 21:12 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-13 14:18 - 2015-11-03 21:12 - 00002041 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-13 14:18 - 2015-10-31 18:01 - 00000957 _____ C:\Users\Public\Desktop\Steam.lnk
2016-02-13 14:18 - 2015-04-14 08:52 - 00002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-02-13 14:18 - 2014-12-11 13:05 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-02-13 14:18 - 2014-12-11 12:35 - 00001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2016-02-13 14:18 - 2014-12-11 12:34 - 00001195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2016-02-13 14:18 - 2014-12-10 11:16 - 00001638 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
2016-02-13 14:18 - 2014-12-10 11:15 - 00001550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk
2016-02-13 14:18 - 2014-12-10 11:12 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2016-02-13 14:18 - 2014-12-10 10:54 - 00001219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
2016-02-13 14:18 - 2014-12-10 10:47 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2016-02-13 14:18 - 2014-12-10 10:46 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2016-02-13 14:18 - 2014-12-07 20:40 - 00000959 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2016-02-13 14:18 - 2014-08-13 16:49 - 00001219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.lnk
2016-02-13 14:18 - 2014-08-13 16:48 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
2016-02-13 14:18 - 2014-08-13 16:47 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
2016-02-13 14:18 - 2014-08-13 16:47 - 00001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
2016-02-13 14:18 - 2014-06-16 19:49 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-13 14:18 - 2014-03-25 11:48 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
2016-02-13 14:18 - 2014-03-25 11:47 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2016-02-13 14:18 - 2014-03-25 11:47 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2016-02-13 14:18 - 2014-03-25 11:46 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
2016-02-13 14:18 - 2014-03-25 11:45 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-02-13 14:18 - 2014-02-28 01:19 - 00002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-13 14:18 - 2013-05-16 04:25 - 00001968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-02-13 14:18 - 2013-05-16 04:20 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-02-13 14:18 - 2013-05-16 04:20 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-02-13 14:18 - 2013-05-16 04:03 - 00001900 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 11.lnk
2016-02-13 14:18 - 2012-07-26 03:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-02-13 14:17 - 2015-12-18 23:45 - 00001953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2016-02-13 14:17 - 2014-09-13 16:38 - 00000286 __RSH C:\ProgramData\ntuser.pol
2016-02-13 14:14 - 2012-07-26 06:12 - 00000000 ____D C:\windows\LiveKernelReports
2016-02-13 14:06 - 2015-07-24 14:02 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Elex-tech
2016-02-13 14:06 - 2015-07-24 14:02 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2016-02-13 13:10 - 2015-08-23 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-13 13:10 - 2015-08-23 23:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-13 12:58 - 2014-07-23 16:53 - 00000962 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-308377861-1605807132-3586080931-1001UA.job
2016-02-13 12:26 - 2014-06-16 20:01 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Baidu
2016-02-12 20:50 - 2014-06-16 19:27 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\FileZilla
2016-02-12 18:15 - 2014-09-16 13:54 - 00000000 ____D C:\Users\windows 8\Documents\Sicoob
2016-02-12 18:05 - 2014-09-13 19:08 - 00000000 ____D C:\Program Files\NetBeans 8.0.1
2016-02-12 15:58 - 2014-07-23 16:53 - 00000940 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-308377861-1605807132-3586080931-1001Core.job
2016-02-12 15:46 - 2015-12-25 19:44 - 00000000 ____D C:\Users\windows 8\Desktop\CREDLANCE SEGURO
2016-02-12 14:15 - 2016-01-11 10:07 - 00000000 ____D C:\Sicoobnet
2016-02-12 13:39 - 2012-07-26 06:12 - 00000000 ____D C:\windows\AUInstallAgent
2016-02-12 13:23 - 2012-07-26 06:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-12 11:32 - 2015-12-15 00:05 - 00000000 ____D C:\Users\windows 8\Desktop\CREDLANCE
2016-02-11 10:59 - 2016-01-11 10:12 - 00001416 _____ C:\Users\windows 8\Desktop\Sicoobnet Empresarial.lnk
2016-02-10 11:00 - 2014-11-16 21:32 - 00000000 ____D C:\Users\windows 8\AppData\Local\Adobe
2016-02-07 20:34 - 2012-07-26 03:37 - 00000000 ____D C:\windows\Inf
2016-02-07 17:11 - 2014-03-03 14:40 - 00000000 ____D C:\Users\windows 8\Downloads\Video
2016-02-05 15:19 - 2013-05-16 17:31 - 00762816 _____ C:\windows\system32\prfh0416.dat
2016-02-05 15:19 - 2013-05-16 17:31 - 00154608 _____ C:\windows\system32\prfc0416.dat
2016-02-05 15:19 - 2012-07-26 05:28 - 00922794 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-05 12:56 - 2016-01-03 15:09 - 00000000 ____D C:\Users\windows 8\Desktop\POKER
2016-02-03 14:26 - 2014-06-02 18:07 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\IDM
2016-02-02 21:58 - 2014-02-28 01:11 - 00004066 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 21:58 - 2014-02-28 01:11 - 00003830 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 17:26 - 2014-10-15 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport
2016-02-02 17:26 - 2014-03-05 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro
2016-02-01 22:56 - 2014-06-19 20:36 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Skype
2016-02-01 20:26 - 2014-03-03 14:40 - 00000000 ____D C:\Users\windows 8\Downloads\Compressed
2016-02-01 15:36 - 2014-02-11 21:14 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-308377861-1605807132-3586080931-1001
2016-01-31 23:21 - 2014-02-10 02:54 - 00001406 _____ C:\Users\windows 8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-31 22:48 - 2014-03-24 18:56 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\CyberLink
2016-01-31 22:08 - 2014-07-25 00:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-30 22:29 - 2014-09-19 00:47 - 00000000 ____D C:\ProgramData\GbPlugin
2016-01-28 22:30 - 2014-02-10 02:55 - 00000000 ____D C:\Users\windows 8\Documents\Bluetooth Folder
2016-01-28 21:39 - 2014-02-10 02:55 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Atheros
2016-01-28 21:21 - 2014-12-30 23:44 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\vlc
2016-01-28 16:36 - 2014-03-14 20:40 - 03372032 ___SH C:\Users\windows 8\Downloads\Thumbs.db
2016-01-28 11:35 - 2015-04-09 23:35 - 00000000 ____D C:\Meus Sites
2016-01-28 11:30 - 2015-04-09 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2016-01-27 12:24 - 2014-12-13 02:36 - 00000132 _____ C:\Users\windows 8\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2016-01-25 22:29 - 2014-09-18 01:27 - 00000000 ____D C:\Users\windows 8\Documents\Simple Sticky Notes
2016-01-24 17:09 - 2014-08-29 16:32 - 00000000 ____D C:\Users\windows 8\Desktop\Fankoob
2016-01-23 11:41 - 2014-02-11 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2016-01-23 11:41 - 2014-02-11 21:10 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2016-01-22 22:30 - 2012-07-26 06:12 - 00000000 ___HD C:\windows\ELAMBKUP
2016-01-21 11:27 - 2012-07-26 06:12 - 00000000 ____D C:\windows\system32\NDF
2016-01-20 13:41 - 2015-04-18 12:18 - 00000000 __RHD C:\Users\windows 8\Desktop\FAMILIA
2016-01-19 21:03 - 2013-05-16 04:07 - 00000000 ____D C:\windows\system32\Drivers\NISx64
2016-01-18 22:11 - 2013-05-16 04:09 - 00111344 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2016-01-18 22:11 - 2013-05-16 04:09 - 00008214 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2016-01-18 22:11 - 2013-05-16 04:09 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-01-18 22:11 - 2013-05-16 04:07 - 00000000 ____D C:\ProgramData\Norton
2016-01-18 22:09 - 2013-05-16 04:07 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2016-01-18 16:39 - 2014-12-02 00:22 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\uTorrent
2016-01-18 13:19 - 2015-12-07 11:52 - 00000000 ____D C:\Users\windows 8\Desktop\AddmeFast Bot - Ultimate [Xtmhacks.com]

==================== Files in the root of some directories =======

2014-09-17 21:26 - 2014-09-17 21:26 - 0000132 _____ () C:\Users\windows 8\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-06-01 18:19 - 2014-12-03 11:02 - 0000132 _____ () C:\Users\windows 8\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-10-15 19:31 - 2014-12-01 00:00 - 0000614 _____ () C:\Users\windows 8\AppData\Roaming\LiveSupport.exe_log.txt
2014-11-09 23:45 - 2014-04-01 19:22 - 0013986 ___SH () C:\Users\windows 8\AppData\Roaming\pgjk.vbs
2014-12-13 02:36 - 2016-01-27 12:24 - 0000132 _____ () C:\Users\windows 8\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2014-10-15 19:31 - 2014-10-15 19:31 - 0000092 _____ () C:\Users\windows 8\AppData\Roaming\regsvr32.exe_log.txt
2015-01-26 09:40 - 2015-01-26 09:40 - 0017997 _____ () C:\Users\windows 8\AppData\Roaming\unins000.dat
2015-01-26 09:40 - 2015-01-26 09:40 - 0730322 _____ () C:\Users\windows 8\AppData\Roaming\unins000.exe
2014-07-30 19:39 - 2014-07-30 19:39 - 0000044 _____ () C:\Users\windows 8\AppData\Roaming\WB.CFG
2015-12-07 13:01 - 2015-12-07 13:01 - 0001456 _____ () C:\Users\windows 8\AppData\Local\Adobe Salvar para Web 13.0 Prefs
2014-07-22 19:41 - 2014-07-22 20:12 - 0001456 _____ () C:\Users\windows 8\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-09-22 15:12 - 2014-09-22 15:12 - 0007605 _____ () C:\Users\windows 8\AppData\Local\Resmon.ResmonCfg
2014-09-06 21:37 - 2014-09-06 21:37 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-01 20:59 - 2015-02-01 20:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-16 03:56 - 2013-02-19 05:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-05-16 03:56 - 2013-01-12 12:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Some files in TEMP:
====================
C:\Users\windows 8\AppData\Local\Temp\F3EA.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F3EB.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F3EC.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F3ED.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F3EE.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F3EF.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F3F0.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F3F1.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F3F2.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F3F3.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F3F4.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F405.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F406.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F417.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F418.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F419.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F41A.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F41B.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F41C.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F41D.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F41E.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F42E.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F42F.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F430.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F431.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F442.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F453.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F454.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F455.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F465.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F466.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F467.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F478.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F479.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F499.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F4AA.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F4AB.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F4AC.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F4AD.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F4BD.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F4BE.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F4CF.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F4D0.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F4D1.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F4F1.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F4F2.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F504.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F514.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F525.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F526.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F527.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F528.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F529.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F52A.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F52B.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F52C.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F52D.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F52E.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F53F.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F540.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F541.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F542.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F543.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F544.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F564.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F584.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F585.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F5A5.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F5A6.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F5A7.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F5A8.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F5A9.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F5AA.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F638.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F639.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F63A.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F63B.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F63C.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F63D.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F63E.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F63F.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F650.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F651.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F652.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F653.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F654.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F655.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F656.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F666.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F667.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F668.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F669.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F66A.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F66B.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F66C.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F67D.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F67E.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F67F.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F680.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F681.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F682.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F683.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F684.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F685.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F686.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F697.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F698.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F699.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F69A.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F69B.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F69C.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F69D.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F69E.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F69F.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6A0.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6B0.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6B1.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6B2.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6B3.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6B4.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6B5.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6B6.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6B7.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6B8.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6B9.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6CA.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6CB.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6CC.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6CD.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6CE.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6CF.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6D0.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6D1.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6D2.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6D3.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6E3.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6E4.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6E5.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6E6.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6E7.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6E8.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6E9.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6EA.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6EB.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6FC.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6FD.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6FE.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F6FF.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F700.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F701.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F702.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F703.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F704.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F705.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F716.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F717.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F718.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F719.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F71A.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F71B.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F71C.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F71D.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F71E.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F71F.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F72F.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F730.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F731.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F732.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F733.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F734.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F735.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F736.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F737.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F738.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F739.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F74A.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F74B.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F75C.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F75D.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F75E.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F76E.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F77F.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F780.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F790.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F791.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F800.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F801.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F831.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F870.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F8B0.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F8B1.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F8E1.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F93F.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F97F.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F980.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F981.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F982.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F9C1.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F9C2.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F9D3.tmp.exe
C:\Users\windows 8\AppData\Local\Temp\F9D4.tmp.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\windows\explorer.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\windows\system32\services.exe => O arquivo é assinado digitalmente
C:\windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-01-27 15:19

==================== Fim de FRST.txt ============================
