Publicité
Publicité
Format du document : text/plain
Prévisualisation
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:10-04-2016 01
Executado por Felipe (administrador) em FELIPE-PC (12-04-2016 16:15:16)
Executando a partir de C:\Users\Felipe\Desktop
Perfis Carregados: Felipe (Perfis Disponíveis: Felipe)
Platform: Microsoft Windows 7 Ultimate (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão não detectado!)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\ProgramData\AppxedtatS\AppxedtatS.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Users\Felipe\AppData\Roaming\Uvulgi\Uvulgi.exe
() C:\Users\Felipe\AppData\Roaming\Uvulgi\Awabtocuce.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
() C:\Users\Felipe\AppData\Roaming\ExukNirji\Topexiud.exe
() C:\Users\Felipe\AppData\Roaming\Ufyakq\Ufyakq.exe
() C:\Users\Felipe\AppData\Roaming\Ufyakq\Monav.exe
() C:\Users\Felipe\AppData\Roaming\Yacoifbaz\Yacoifbaz.exe
() C:\Users\Felipe\AppData\Roaming\Yacoifbaz\Moasco.exe
(DotC United Inc) C:\Program Files\MPC Cleaner\MPCTray.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\Users\Felipe\AppData\Roaming\ByueCura\Zojhipk.exe
() C:\Users\Felipe\AppData\Local\Apps\2.0\abril.exe
() C:\Users\Felipe\AppData\Roaming\Asapg\Asapg.exe
() C:\Users\Felipe\AppData\Roaming\Asapg\Etunkahmay.exe
() C:\Users\Felipe\AppData\Roaming\EooripFogg\Loasci.exe
() C:\Users\Felipe\AppData\Roaming\HucinFidbozi\Aidoafic.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(© 2015 Microsoft Corporation) C:\Users\Felipe\AppData\Local\Microsoft\BingSvc\BingSvc.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
() C:\ProgramData\msiql.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\ProgramData\DCHP\DCHP.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
==================== Registro (Whitelisted) ===========================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] ()
HKLM\...\Run: [HomePageHelper] => c:\users\felipe\appdata\roaming\homepage.exe [1100288 2015-11-25] ()
HKLM\...\RunOnce: [WINDOWS_SCREEN_MANAGER_UPDATER_1] => C:\Program Files\Windows Screen Manager\Windows screen manage updater.exe [16896 2016-04-11] (Wizzservices)
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [GoogleChromeAutoLaunch_3598036481B262A4AE210A3CE1B03E37] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [BingSvc] => C:\Users\Felipe\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-04] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [YeaInstaller] => C:\Users\Felipe\AppData\Local\Temp\56AG92J7J\56AG92J7J.exe <===== ATENÇÃO
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2055168 2016-04-07] ()
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [Pritc] => C:\Users\Felipe\AppData\Local\Temp\is-NB6G5.tmp\print.exe <===== ATENÇÃO
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [msiql] => C:\ProgramData\msiql.exe [1917952 2016-04-01] ()
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\MountPoints2: {fd7fcc6b-8734-11e5-bbfd-5cc9d3f60713} - G:\Setup.exe
AppInit_DLLs: C:\ProgramData\AppxedtatS\Finla.dll => C:\ProgramData\AppxedtatS\Finla.dll [257536 2016-04-12] ()
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Winsock: Catalog5 08 C:\ProgramData\System32\SafeGuard32.dll [2771896 2016-04-11] ()
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 20.23.52.1
Tcpip\..\Interfaces\{233DCDF9-EE70-4DDA-8B47-9E79C55F720E}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{74C38BCE-6413-4354-99B8-5C3A5F3C6E3D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{AC94A06A-36E7-4BA2-895E-460B2BD69B93}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{E45AACF7-B072-4B6F-8227-A7832D843F2A}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{E45AACF7-B072-4B6F-8227-A7832D843F2A}: [DhcpNameServer] 20.23.52.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=br
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo=br
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms}
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms}
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms}
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=br
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms}
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
SearchScopes: HKU\S-1-5-21-3498507567-1271723686-615099086-1000 -> {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.mpc.am/index/search?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968&ie=UTF-8
SearchScopes: HKU\S-1-5-21-3498507567-1271723686-615099086-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
SearchScopes: HKU\S-1-5-21-3498507567-1271723686-615099086-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: hxxp://www.hohosearch.com/?ts=AHEqA3EmAHUmCE..&v=20160409&uid=19E5649E23490F96CBB81A1ADCAB55FC&ptid=clc&mode=ffseng
FF DefaultSearchEngine: hohosearch
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=hohosearch
FF SelectedSearchEngine: hohosearch
FF Homepage: search.mpc.am/?geo=br
FF Keyword.URL: hxxp://www.hohosearch.com/chrome.php?uid=19E5649E23490F96CBB81A1ADCAB55FC&ptid=ftp&ts=AHEqA3EmAHYlBE..&v=20160409&mode=ffexttoolbar&q=
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF user.js: detected! => C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\user.js [2016-04-11]
FF user.js: detected! => C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p8sxnvxd.default-1460421532074\user.js [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\searchplugins\.xml [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\searchplugins\DD1B66D4.xml [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\searchplugins\navegaki.xml [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p8sxnvxd.default-1460421532074\searchplugins\DD1B66D4.xml [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\.xml [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\findit.xml [2016-04-12]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\navegaki.xml [2016-04-11]
FF Extension: Quick Searcher - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-11] [não assinado]
FF Extension: Adblock Plus - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-31]
FF Extension: Quick Searcher - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\Extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-11] [não assinado]
FF Extension: GsearchFinder - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-04-09]
FF Extension: Adblock Plus - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-31]
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://vosteran.com/?f=7&a=vst_ggfc_15_04_ch&cd=2XzuyEtN2Y1L1QzuyD0C0Czy0DtA0FyCtDyBtCtAtAtC0AyCtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0DtAtA0AyD0DyBtGtA0CzztBtG0AyB0F0CtG0CyD0EzztGtBzzzy0C0AyByC0DyBtCzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BzztByB0FzzzztGyDyBtCzytGyEzz0B0EtG0AtAtDtDtGtAtC0BtAzztB0EtD0DtB0Fzz2Q&cr=936708617&ir=","hxxp://binkiland.com/?f=7&a=bnk_cmi_15_08&cd=2XzuyEtN2Y1L1QzuyD0C0Czy0DtA0FyCtDyBtCtAtAtC0AyCtN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyEzzyBtBtDtBtBtGzztD0AtAtGtD0CyB0AtGyD0BtCyEtGyBtCtCtA0F0A0FzzyE0DtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BzztByB0FzzzztGyDyBtCzytGyEzz0B0EtG0AtAtDtDtGtAtC0BtAzztB0EtD0DtB0Fzz2Q&cr=29741416&ir=","hxxp://do-search.com/?type=hp&ts=1430666171&from=cor&uid=ST500DM002-1BD142_6VMXMYXBXXXX6VMXMYXB","hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxi01_15_19¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEzzyB0F0C0E0CyCyEyB0FyDtDyD0AtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFyDtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0C0FzytCyCtGzyyCtCzytGyCzytAtAtGzy0AyEtCtGyBtAtAyE0EyC0A0CyDtD0C0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtC0D0EtCyDyE0FtG0CyCtB0CtGyE0B0E0DtGzytAzy0DtGyD0EtC0F0CtAtCyE0Ezz0E0F2QtN0A0LzuyE%26cr%3D603851012%26a%3Dwncy_bxi01_15_19%26os%3DWindows 7 Ultimate","hxxp://www.hohosearch.com/?mode=nnnb&ptid=icb&uid=1FA9805588624C02F20396D1664F0444&v=20160409&ts=AHEqA3ElC3UmAE..","hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=3d2334dc21396b6d674d81cdd87fca66"
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kt7Wn_ZnG5f1_OnM8U6o5-4oQ7_nJ5sWBjq1mH6bFAt53S0HpS7xRZW9-nK-ZjznTbsfg8-kWNf3xFkhej8OA0erj9o,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-10]
CHR Extension: (Google Drive) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]
CHR Extension: (YouTube) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]
CHR Extension: (Google Search) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Planilhas do Google) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-10]
CHR Extension: (Documentos Google off-line) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKU\S-1-5-21-3498507567-1271723686-615099086-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [593376 2013-04-11] (Intel Corporation)
R2 AppxedtatS; C:\ProgramData\\AppxedtatS\\AppxedtatS.exe [692736 2016-04-12] () [Arquivo não assinado]
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512 2011-11-21] (ASUS)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437784 2016-04-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-07] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files\BlueStacks\HD-Plus-Service.exe [433688 2016-04-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [921112 2016-04-07] (BlueStack Systems, Inc.)
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-09-12] (Intel(R) Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 Cadidovpen; C:\Users\Felipe\AppData\Roaming\Uvulgi\Uvulgi.exe [174440 2016-04-11] ()
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [1015808 2016-04-11] () [Arquivo não assinado]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation)
R2 DCHP; C:\ProgramData\\DCHP\\DCHP.exe [400384 2016-04-12] () [Arquivo não assinado]
R2 Deibj; C:\Users\Felipe\AppData\Roaming\ExukNirji\Topexiud.exe [125800 2016-04-11] ()
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [383640 2015-09-14] ()
R2 Gepmed; C:\Users\Felipe\AppData\Roaming\Ufyakq\Ufyakq.exe [174472 2016-04-11] () [Arquivo não assinado]
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [922928 2015-11-12] (NVIDIA Corporation)
R2 Gitmibfit; C:\Users\Felipe\AppData\Roaming\Yacoifbaz\Yacoifbaz.exe [174432 2016-04-11] ()
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1747456 2016-03-31] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\Users\Felipe\AppData\Roaming\svrupg.exe [2767872 2016-04-11] (TODO: ) [Arquivo não assinado]
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [274024 2015-06-04] (Intel Corporation)
S2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-04-11] (DotC United Inc)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-05-08] ()
S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6288688 2015-11-12] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4611888 2015-11-12] (NVIDIA Corporation)
R2 Ooucanut; C:\Users\Felipe\AppData\Roaming\ByueCura\Zojhipk.exe [125800 2016-04-11] ()
R2 ProntSpooler; C:\Users\Felipe\AppData\Local\Apps\2.0\abril.exe [124928 2016-04-07] () [Arquivo não assinado]
R2 Pulfoizl; C:\Users\Felipe\AppData\Roaming\Asapg\Asapg.exe [174440 2016-04-11] ()
R2 Sukdadp; C:\Users\Felipe\AppData\Roaming\EooripFogg\Loasci.exe [125832 2016-04-11] () [Arquivo não assinado]
S3 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-09-14] ()
R2 Torcepx; C:\Users\Felipe\AppData\Roaming\HucinFidbozi\Aidoafic.exe [125792 2016-04-11] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [383640 2015-09-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S3 XBox; C:\Users\Felipe\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2530032 2013-05-08] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R3 AiCharger; C:\Windows\System32\DRIVERS\AiCharger.sys [14720 2012-05-07] (ASUSTek Computer Inc.)
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112608 2013-04-11] (Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [112608 2013-04-11] (Windows (R) Win 7 DDK provider)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2910720 2015-04-12] (Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [14464 2011-09-07] (ASUS)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [140856 2016-04-07] (BlueStack Systems)
R2 BstkDrv; C:\Program Files\BlueStacks\BstkDrv.sys [220216 2016-04-06] (Bluestack System Inc. )
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [62272 2016-04-11] (Cherimoya Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2015-11-09] (DT Soft Ltd)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [15680 2012-05-21] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [350016 2012-05-21] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793920 2012-05-21] (Intel Corporation)
R0 MPCBase; C:\Windows\System32\drivers\MPCBase.sys [29032 2016-04-11] (DotC United Inc)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [52968 2016-04-11] (DotC United Inc)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [26928 2015-11-05] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18736 2015-11-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44840 2015-11-05] (NVIDIA Corporation)
R2 Proteq; C:\Windows\system32\Drivers\Proteq.sys [7598 2014-06-23] (PROTEQ) [Arquivo não assinado]
R3 RSBASTOR; C:\Windows\System32\DRIVERS\RtsBaStor.sys [219240 2012-02-01] (Realtek Semiconductor Corp.)
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Três Meses Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-04-12 16:15 - 2016-04-12 16:15 - 00000000 ____D C:\FRST
2016-04-12 16:13 - 2016-04-12 16:13 - 00000000 ____D C:\Users\Todos os Usuários\DCHP
2016-04-12 16:13 - 2016-04-12 16:13 - 00000000 ____D C:\ProgramData\DCHP
2016-04-12 16:10 - 2016-04-12 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-04-12 04:24 - 2016-04-12 04:24 - 00000000 ____D C:\Users\Todos os Usuários\AppxedtatSs
2016-04-12 04:24 - 2016-04-12 04:24 - 00000000 ____D C:\ProgramData\AppxedtatSs
2016-04-12 04:23 - 2016-04-12 16:13 - 00000000 ____D C:\Users\Todos os Usuários\AppxedtatS
2016-04-12 04:23 - 2016-04-12 16:13 - 00000000 ____D C:\ProgramData\AppxedtatS
2016-04-11 22:55 - 2016-04-12 04:24 - 00001401 _____ C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-11 22:54 - 2016-04-12 16:10 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-11 22:54 - 2016-04-11 22:54 - 00000678 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-11 22:46 - 2016-04-11 22:47 - 00000354 _____ C:\Windows\Tasks\MPC AdCleaner.job
2016-04-11 22:46 - 2016-04-11 22:47 - 00000000 ____D C:\Program Files\MPC AdCleaner
2016-04-11 22:46 - 2016-04-11 22:46 - 00001821 _____ C:\Users\Felipe\Desktop\MPC AdCleaner.lnk
2016-04-11 22:46 - 2016-04-11 22:46 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
2016-04-11 22:44 - 2016-04-11 22:44 - 00000000 ____D C:\Program Files\SunnyDayApps
2016-04-11 22:44 - 2016-04-11 22:44 - 00000000 ____D C:\Program Files\rec_en_251
2016-04-11 22:41 - 2016-04-11 22:41 - 00000000 ____D C:\Program Files\Windows Screen Manager
2016-04-11 22:33 - 2016-04-11 22:33 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\MCorp
2016-04-11 22:28 - 2016-04-12 16:10 - 00001687 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-04-11 22:08 - 2016-04-11 22:09 - 00000000 ____D C:\Program Files\NewExt
2016-04-11 22:07 - 2016-04-11 22:07 - 00000000 ____D C:\Users\Todos os Usuários\115792b6-7e71-1
2016-04-11 22:07 - 2016-04-11 22:07 - 00000000 ____D C:\ProgramData\115792b6-7e71-1
2016-04-11 22:03 - 2016-04-11 22:38 - 00489916 _____ C:\Windows\ntbtlog.txt
2016-04-11 22:00 - 2016-04-11 22:00 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Uvulgi
2016-04-11 22:00 - 2016-04-11 22:00 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\ExukNirji
2016-04-11 21:51 - 2016-04-11 22:00 - 00062272 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-04-11 21:50 - 2016-04-11 21:50 - 00000000 ____D C:\Users\Felipe\Mozilla
2016-04-11 21:49 - 2016-04-11 21:49 - 00011426 _____ C:\Users\Felipe\Desktop\Addition.txt
2016-04-11 21:45 - 2016-04-12 16:16 - 00024955 _____ C:\Users\Felipe\Desktop\FRST.txt
2016-04-11 21:44 - 2016-04-11 21:44 - 01725952 _____ (Farbar) C:\Users\Felipe\Desktop\FRST.exe
2016-04-11 21:41 - 2016-04-11 21:50 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\UPUpdata
2016-04-11 21:39 - 2016-04-11 21:39 - 00000801 _____ C:\Windows\system32\${LOGFILE}
2016-04-11 21:38 - 2016-04-11 21:38 - 00000000 ____D C:\Users\Felipe\Desktop\Dados anteriores do Firefox
2016-04-11 21:32 - 2016-04-11 22:28 - 00000000 ____D C:\Program Files\MPC Cleaner
2016-04-11 21:32 - 2016-04-11 21:47 - 00000000 ____D C:\Users\Todos os Usuários\System32
2016-04-11 21:32 - 2016-04-11 21:47 - 00000000 ____D C:\ProgramData\System32
2016-04-11 21:32 - 2016-04-11 21:32 - 00052968 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-04-11 21:32 - 2016-04-11 21:32 - 00029032 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCBase.sys
2016-04-11 21:28 - 2016-04-11 21:28 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\ByueCura
2016-04-11 21:28 - 2016-04-11 21:28 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Asapg
2016-04-11 21:26 - 2016-04-11 21:26 - 00333506 _____ (AnySend.com) C:\Users\Felipe\AppData\Local\nsd50EB.tmp
2016-04-11 21:25 - 2016-04-11 21:25 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\XBox
2016-04-11 21:24 - 2016-04-11 21:34 - 00000000 ____D C:\Program Files\Hostify
2016-04-11 21:24 - 2016-04-11 21:24 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-04-11 21:24 - 2016-04-11 21:24 - 00000000 ____D C:\Users\Todos os Usuários\baidu
2016-04-11 21:24 - 2016-04-11 21:24 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Baidu
2016-04-11 21:24 - 2016-04-11 21:24 - 00000000 ____D C:\ProgramData\baidu
2016-04-11 21:24 - 2016-04-11 21:23 - 00333506 _____ (AnySend.com) C:\Users\Felipe\AppData\Local\nss1A90.tmp
2016-04-11 21:24 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Felipe\AppData\Roaming\delCalendarReg.exe
2016-04-11 21:23 - 2016-04-11 21:23 - 00016815 _____ C:\Users\Felipe\AppData\Roaming\webad.xml
2016-04-11 21:23 - 2016-04-11 21:23 - 00001926 ____R C:\Users\Felipe\Desktop\Yeabeats Browser.lnk
2016-04-11 21:22 - 2016-04-01 14:51 - 01917952 _____ C:\Users\Felipe\AppData\Roaming\msiql.exe
2016-04-11 21:22 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Felipe\AppData\Roaming\HomePage.exe
2016-04-11 21:20 - 2016-04-11 21:20 - 00000286 __RSH C:\Users\Felipe\ntuser.pol
2016-04-11 21:14 - 2016-04-11 21:42 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\cpuminer
2016-04-11 21:14 - 2016-04-11 21:14 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\gplyra
2016-04-11 21:14 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2016-04-11 21:14 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-04-11 21:13 - 2016-04-11 21:13 - 00196608 _____ C:\Windows\kaz.exe
2016-04-11 21:13 - 2016-04-11 21:13 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-04-11 21:13 - 2016-04-11 21:13 - 00000000 ____D C:\ProgramData\Windows Update
2016-04-11 21:12 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Todos os Usuários\delCalendarReg.exe
2016-04-11 21:12 - 2016-02-24 06:18 - 01085440 _____ C:\ProgramData\delCalendarReg.exe
2016-04-11 21:11 - 2016-04-11 21:11 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Ufyakq
2016-04-11 21:11 - 2016-04-11 21:11 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\EooripFogg
2016-04-11 21:10 - 2016-04-11 21:21 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\LightGate
2016-04-11 21:10 - 2016-04-11 21:10 - 01626416 _____ C:\Users\Felipe\AppData\Roaming\Don-Stock.tst
2016-04-11 21:10 - 2016-04-11 21:05 - 01015808 _____ C:\Users\Felipe\AppData\Roaming\Don-Stock.exe
2016-04-11 21:10 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2016-04-11 21:10 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-04-11 21:09 - 2016-04-11 22:55 - 02767872 _____ (TODO: ) C:\Users\Felipe\AppData\Roaming\svrupg.exe
2016-04-11 21:09 - 2016-04-11 22:55 - 00016815 _____ C:\Users\Todos os Usuários\webad.xml
2016-04-11 21:09 - 2016-04-11 22:55 - 00016815 _____ C:\ProgramData\webad.xml
2016-04-11 21:09 - 2016-04-11 21:39 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Nosibay
2016-04-11 21:09 - 2016-04-11 21:09 - 00072699 _____ C:\Users\Felipe\AppData\Roaming\DuoCanlight.tst
2016-04-11 21:09 - 2016-04-11 21:05 - 01015808 _____ C:\Users\Felipe\AppData\Roaming\DuoCanlight.exe
2016-04-11 21:08 - 2016-04-11 21:08 - 00848437 _____ C:\Users\Felipe\AppData\Roaming\Holdtam.bin
2016-04-11 21:08 - 2016-04-11 21:08 - 00000000 ____D C:\Users\Felipe\AppData\Local\Setup Wizard
2016-04-11 21:08 - 2016-04-11 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WNetworkEn
2016-04-11 21:08 - 2016-04-01 14:51 - 01917952 _____ C:\Users\Todos os Usuários\msiql.exe
2016-04-11 21:08 - 2016-04-01 14:51 - 01917952 _____ C:\ProgramData\msiql.exe
2016-04-11 21:07 - 2016-04-11 21:29 - 00000000 ____D C:\Users\Felipe\AppData\Local\00000236-1460408863-8000-FFFF-40167EA038C9
2016-04-11 21:07 - 2016-04-11 21:07 - 00000000 ____D C:\Users\Felipe\AppData\Local\rec_en_251
2016-04-11 21:06 - 2016-04-12 04:24 - 00002405 _____ C:\Windows\system32\findit.xml
2016-04-11 21:06 - 2016-04-11 21:06 - 00000000 ____D C:\Users\Todos os Usuários\Statdexs
2016-04-11 21:06 - 2016-04-11 21:06 - 00000000 ____D C:\ProgramData\Statdexs
2016-04-11 21:06 - 2016-04-11 21:00 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-04-11 21:05 - 2016-04-11 22:14 - 00000000 ____D C:\Users\Todos os Usuários\Statdex
2016-04-11 21:05 - 2016-04-11 22:14 - 00000000 ____D C:\ProgramData\Statdex
2016-04-11 21:05 - 2016-04-11 22:00 - 00000000 ____D C:\Users\Felipe\AppData\Local\Tempfolder
2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Yacoifbaz
2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\HucinFidbozi
2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\Users\Felipe\AppData\LocalLow\Company
2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\Users\Felipe\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\uninst
2016-04-11 21:04 - 2016-04-11 21:10 - 06504960 _____ C:\Users\Felipe\AppData\Roaming\agent.dat
2016-04-11 21:04 - 2016-04-11 21:10 - 00126464 _____ C:\Users\Felipe\AppData\Roaming\noah.dat
2016-04-11 21:04 - 2016-04-11 21:10 - 00065424 _____ C:\Users\Felipe\AppData\Roaming\Config.xml
2016-04-11 21:04 - 2016-04-11 21:10 - 00018432 _____ C:\Users\Felipe\AppData\Roaming\Main.dat
2016-04-11 21:04 - 2016-04-11 21:04 - 01626416 _____ C:\Users\Felipe\AppData\Roaming\Hat-Fax.tst
2016-04-11 21:04 - 2016-04-11 20:58 - 01015808 _____ C:\Users\Felipe\AppData\Roaming\Hat-Fax.exe
2016-04-11 21:04 - 2016-03-31 11:32 - 01747456 _____ C:\Users\Todos os Usuários\service.exe
2016-04-11 21:04 - 2016-03-31 11:32 - 01747456 _____ C:\Users\Felipe\AppData\Roaming\service.exe
2016-04-11 21:04 - 2016-03-31 11:32 - 01747456 _____ C:\ProgramData\service.exe
2016-04-11 21:03 - 2016-04-12 04:23 - 00000000 ____D C:\Users\Todos os Usuários\CloudPrinter
2016-04-11 21:03 - 2016-04-12 04:23 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-04-11 21:03 - 2016-04-11 21:41 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-04-11 21:03 - 2016-04-11 21:41 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-04-11 21:03 - 2016-04-11 21:10 - 00005568 _____ C:\Users\Felipe\AppData\Roaming\md.xml
2016-04-11 21:03 - 2016-04-11 21:09 - 00126464 _____ C:\Users\Felipe\AppData\Roaming\lobby.dat
2016-04-11 21:03 - 2016-04-11 21:09 - 00054272 _____ C:\Users\Felipe\AppData\Roaming\ApplicationHosting.dat
2016-04-11 21:03 - 2016-04-11 21:03 - 00072699 _____ C:\Users\Felipe\AppData\Roaming\Istansoft.tst
2016-04-11 21:03 - 2016-04-11 20:58 - 01015808 _____ C:\Users\Felipe\AppData\Roaming\Istansoft.exe
2016-04-11 21:01 - 2016-04-11 21:01 - 00848437 _____ C:\Users\Felipe\AppData\Roaming\Doubleis.bin
2016-04-11 21:00 - 2016-04-11 21:00 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-04-11 21:00 - 2016-04-11 21:00 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-04-11 20:59 - 2015-12-10 15:43 - 00600312 _____ C:\Users\Felipe\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe
2016-04-11 20:58 - 2016-04-11 21:06 - 00015408 _____ C:\Users\Felipe\AppData\Roaming\InstallationConfiguration.xml
2016-04-11 20:58 - 2016-04-11 21:05 - 00127488 _____ C:\Users\Felipe\AppData\Roaming\Installer.dat
2016-04-11 20:58 - 2016-04-11 21:05 - 00078801 _____ C:\Users\Felipe\AppData\Roaming\inst.lat
2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\Users\Todos os Usuários\115792b6-2b57-0
2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\Users\Todos os Usuários\115792b6-1b75-1
2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\Users\Felipe\AppData\Local\csdi_monetize_220160408
2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\ProgramData\115792b6-2b57-0
2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\ProgramData\115792b6-1b75-1
2016-04-11 20:57 - 2016-04-11 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioVideoKit
2016-04-11 20:57 - 2016-04-11 20:57 - 00000000 ____D C:\Users\Felipe\AppData\Local\csdi_monetize_120160408
2016-04-11 20:56 - 2016-04-11 20:56 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\FreeVPN
2016-04-11 20:56 - 2016-04-11 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free VPN
2016-04-11 20:55 - 2016-04-11 20:55 - 00000668 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-04-11 20:55 - 2016-04-11 20:55 - 00000668 __RSH C:\ProgramData\ntuser.pol
2016-04-11 20:54 - 2016-04-11 22:02 - 00000000 ____D C:\Users\Felipe\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-11 20:54 - 2016-04-11 21:42 - 00000000 ____D C:\Program Files\Screenify
2016-04-11 20:53 - 2016-04-11 20:54 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-11 20:52 - 2016-04-11 21:13 - 15793935 _____ C:\Users\Felipe\Downloads\asus-x53u-web-camera-driver
2016-04-10 22:44 - 2011-03-09 20:07 - 06332520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\rtsuvc.sys
2016-04-10 22:32 - 2016-04-10 22:32 - 00031832 _____ (Phoenix Technologies) C:\Windows\system32\Drivers\DrvAgent32.sys
2016-04-10 22:32 - 2016-04-10 22:32 - 00000000 ____D C:\Users\Felipe\AppData\Local\eSupport.com
2016-04-10 22:32 - 2016-04-10 22:32 - 00000000 ____D C:\Program Files\eSupport.com
2016-04-10 16:11 - 2016-04-10 16:28 - 00000000 ____D C:\Users\Felipe\Downloads\Martinho da Vila - Definitivo
2016-04-10 12:34 - 2016-04-10 13:36 - 00000000 ____D C:\Users\Felipe\Downloads\Quim Barreiros - Dar ao Apito 2012
2016-04-10 11:34 - 2016-04-10 12:01 - 00000000 ____D C:\Users\Felipe\Downloads\QUIM BARREIROS
2016-04-08 11:05 - 2016-04-08 11:05 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Macromedia
2016-04-08 11:05 - 2016-04-08 11:05 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Adobe
2016-04-08 11:05 - 2016-04-08 11:05 - 00000000 ____D C:\Users\Felipe\AppData\Local\Macromedia
2016-04-08 11:03 - 2016-04-08 11:06 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksGameManager
2016-04-08 11:03 - 2016-04-08 11:06 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-04-08 11:03 - 2016-04-08 11:03 - 00001701 _____ C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-04-08 11:03 - 2016-04-08 11:03 - 00001677 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-04-08 11:00 - 2016-04-08 11:02 - 00000000 ____D C:\Program Files\BlueStacks
2016-04-08 11:00 - 2016-04-08 11:01 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacks
2016-04-08 11:00 - 2016-04-08 11:01 - 00000000 ____D C:\ProgramData\BlueStacks
2016-04-08 10:59 - 2016-04-11 17:17 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksSetup
2016-04-08 10:59 - 2016-04-11 17:17 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-04-08 10:59 - 2016-04-08 10:59 - 00000000 ____D C:\Users\Felipe\AppData\Local\Bluestacks
2016-04-08 10:38 - 2016-04-08 10:38 - 00000000 ____D C:\Users\Felipe\Desktop\RENDER
2016-04-08 10:34 - 2016-04-08 10:55 - 311681768 _____ (BlueStack Systems Inc.) C:\Users\Felipe\Downloads\BlueStacks2_native.exe
2016-04-08 10:30 - 2016-04-08 10:30 - 00000000 ____D C:\Users\Felipe\Desktop\Nova pasta
2016-04-05 12:30 - 2016-04-05 12:30 - 00137728 _____ C:\Windows\9b5e5585d25ad04e83f5891085baf225.exe
2016-03-31 23:01 - 2016-03-31 23:10 - 00000000 ____D C:\Users\Felipe\AppData\Local\Mozilla
2016-03-31 23:01 - 2016-03-31 23:04 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Mozilla
2016-03-31 22:56 - 2016-03-31 22:56 - 00242240 _____ C:\Users\Felipe\Desktop\Firefox Setup Stub 45.0.1.exe
2016-03-28 23:48 - 2016-03-28 23:58 - 13614856 _____ C:\Users\Felipe\Downloads\Another Love (Zwette Edit).m4a
2016-03-16 19:50 - 2016-03-16 19:51 - 00000000 ____D C:\Users\Felipe\Downloads\Drake - Hotline Bling [Hip-Hop & Rap] Single 2015 [iTunes Plus M4A AAC] [UJ.rip]
2016-02-20 16:31 - 2016-02-21 18:14 - 00000000 ____D C:\Users\Felipe\Downloads\Maze Runner The Scorch Trails (2015)
2016-02-10 17:03 - 2016-04-11 16:15 - 00000000 ___SD C:\Users\Felipe\AppData\LocalLow\Temp
2016-02-04 22:35 - 2016-02-12 21:40 - 00000000 ____D C:\Users\Felipe\AppData\Local\NFS Underground 2
2016-02-04 22:34 - 2016-02-04 22:34 - 00001250 _____ C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Need for Speed Underground 2.lnk
2016-02-04 22:34 - 2016-02-04 22:34 - 00001226 _____ C:\Users\Felipe\Desktop\Need for Speed Underground 2.lnk
2016-02-04 22:34 - 2016-02-04 22:34 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-04 22:32 - 2016-02-04 22:32 - 00000000 ____D C:\Program Files\EA GAMES
2016-02-04 18:44 - 2016-02-04 18:44 - 00000000 ____D C:\Users\Felipe\Tracing
2016-02-04 18:39 - 2016-04-11 21:29 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Skype
2016-02-04 18:38 - 2016-03-20 13:15 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-02-04 18:38 - 2016-03-20 13:15 - 00000000 ____D C:\ProgramData\Skype
2016-02-04 18:38 - 2016-02-04 18:39 - 00000000 ___RD C:\Program Files\Skype
2016-02-04 18:38 - 2016-02-04 18:38 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-04 18:38 - 2016-02-04 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-04 18:38 - 2016-02-04 18:38 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-02-01 20:45 - 2016-03-29 00:05 - 00000000 ____D C:\Users\Felipe\Downloads\Water LP _ Exclusive Remix
2016-02-01 20:44 - 2016-02-01 20:44 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\RPEng
2016-02-01 20:44 - 2016-02-01 20:44 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\BitTorrent
2016-02-01 20:43 - 2016-04-11 21:58 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\uTorrent
2016-02-01 15:56 - 2016-02-01 15:56 - 00000000 ____D C:\Users\Felipe\Desktop\jairo
2016-01-26 17:00 - 2016-01-26 17:20 - 2048196608 _____ C:\Users\Felipe\Desktop\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso
2016-01-26 16:55 - 2016-01-26 16:55 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Trimble Connect for SketchUp
2016-01-26 16:54 - 2016-01-26 16:54 - 00002170 _____ C:\Users\Public\Desktop\Style Builder 2016.lnk
2016-01-26 16:54 - 2016-01-26 16:54 - 00002084 _____ C:\Users\Public\Desktop\LayOut 2016.lnk
2016-01-26 16:54 - 2016-01-26 16:54 - 00001999 _____ C:\Users\Public\Desktop\SketchUp 2016.lnk
2016-01-26 16:54 - 2016-01-26 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2016
2016-01-26 16:48 - 2016-01-26 16:50 - 123613456 _____ (Trimble Navigation Limited) C:\Users\Felipe\Desktop\SketchUpMake-pt-BR.exe
2016-01-26 16:47 - 2016-01-26 16:47 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\SketchUp
2016-01-26 16:44 - 2016-01-26 16:44 - 00000000 ____D C:\Users\Todos os Usuários\Reprise
2016-01-26 16:44 - 2016-01-26 16:44 - 00000000 ____D C:\ProgramData\Reprise
2016-01-26 16:43 - 2016-01-26 16:55 - 00000000 ____D C:\Program Files\SketchUp
2016-01-26 16:43 - 2016-01-26 16:43 - 00000000 ____D C:\Users\Todos os Usuários\SketchUp
2016-01-26 16:43 - 2016-01-26 16:43 - 00000000 ____D C:\ProgramData\SketchUp
2016-01-26 16:42 - 2016-01-26 16:42 - 00134710 _____ C:\Users\Felipe\Desktop\gdm_servicos.rbz
2016-01-26 16:39 - 2016-01-26 16:41 - 116578232 _____ (Trimble Navigation Limited) C:\Users\Felipe\Desktop\SketchUpMake-en.exe
2016-01-26 16:21 - 2016-01-26 16:23 - 134043360 _____ (Trimble Navigation Limited) C:\Users\Felipe\Desktop\SketchUpMake-pt-BR-x64.exe
2016-01-25 18:15 - 2016-01-25 18:15 - 00000000 _____ C:\Users\Felipe\AppData\Local\{9934DA03-AC93-4457-AA6F-A2D2584B89A6}
2016-01-15 15:48 - 2016-01-15 15:48 - 00000000 ____D C:\Users\Felipe\Desktop\RENDERS
==================== Três Meses Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-04-12 04:24 - 2015-11-10 18:42 - 00002032 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 04:24 - 2015-11-10 18:42 - 00002026 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-11 23:00 - 2009-07-14 01:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-11 23:00 - 2009-07-14 01:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-11 22:30 - 2015-11-19 19:13 - 00000000 __SHD C:\Users\Felipe\IntelGraphicsProfiles
2016-04-11 21:50 - 2015-11-09 22:08 - 00000000 ____D C:\Users\Felipe\AppData\Local\Apps\2.0
2016-04-11 21:50 - 2015-11-09 21:15 - 00000000 ____D C:\Users\Felipe
2016-04-11 21:24 - 2015-11-09 21:50 - 00000000 ____D C:\Users\Todos os Usuários\Intel
2016-04-11 21:24 - 2015-11-09 21:50 - 00000000 ____D C:\ProgramData\Intel
2016-04-11 21:04 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-04-11 21:03 - 2015-11-09 21:22 - 00000000 ____D C:\Windows\system32\appmgmt
2016-04-11 20:55 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-04-10 22:44 - 2015-11-09 21:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-04-10 22:44 - 2015-11-09 21:56 - 00000000 ____D C:\Program Files\Realtek
2016-04-08 11:02 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-05 14:47 - 2015-11-09 21:19 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-05 14:47 - 2009-07-14 05:31 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2016-04-05 14:47 - 2009-07-14 05:31 - 00147108 _____ C:\Windows\system32\prfc0416.dat
==================== Arquivos na raiz de alguns diretórios =======
2015-11-09 22:09 - 2015-11-09 22:14 - 6420480 _____ () C:\Program Files\GUT8B20.tmp
2016-04-11 21:04 - 2016-04-11 21:10 - 6504960 _____ () C:\Users\Felipe\AppData\Roaming\agent.dat
2016-04-11 21:03 - 2016-04-11 21:09 - 0054272 _____ () C:\Users\Felipe\AppData\Roaming\ApplicationHosting.dat
2016-04-11 21:04 - 2016-04-11 21:05 - 0002467 _____ () C:\Users\Felipe\AppData\Roaming\Bubble Dock.boostrap.log
2016-04-11 21:08 - 2016-04-11 21:10 - 0002219 _____ () C:\Users\Felipe\AppData\Roaming\Bubble Dock.installation.log
2016-04-11 21:04 - 2016-04-11 21:10 - 0065424 _____ () C:\Users\Felipe\AppData\Roaming\Config.xml
2016-04-11 21:24 - 2016-02-24 06:18 - 1085440 _____ () C:\Users\Felipe\AppData\Roaming\delCalendarReg.exe
2016-04-11 21:10 - 2016-04-11 21:05 - 1015808 _____ () C:\Users\Felipe\AppData\Roaming\Don-Stock.exe
2016-04-11 21:10 - 2016-04-11 21:10 - 1626416 _____ () C:\Users\Felipe\AppData\Roaming\Don-Stock.tst
2016-04-11 21:01 - 2016-04-11 21:01 - 0848437 _____ () C:\Users\Felipe\AppData\Roaming\Doubleis.bin
2016-04-11 21:09 - 2016-04-11 21:05 - 1015808 _____ () C:\Users\Felipe\AppData\Roaming\DuoCanlight.exe
2016-04-11 21:09 - 2016-04-11 21:09 - 0072699 _____ () C:\Users\Felipe\AppData\Roaming\DuoCanlight.tst
2016-04-11 21:04 - 2016-04-11 20:58 - 1015808 _____ () C:\Users\Felipe\AppData\Roaming\Hat-Fax.exe
2016-04-11 21:04 - 2016-04-11 21:04 - 1626416 _____ () C:\Users\Felipe\AppData\Roaming\Hat-Fax.tst
2016-04-11 21:08 - 2016-04-11 21:08 - 0848437 _____ () C:\Users\Felipe\AppData\Roaming\Holdtam.bin
2016-04-11 21:22 - 2015-11-25 15:31 - 1100288 _____ () C:\Users\Felipe\AppData\Roaming\HomePage.exe
2016-04-11 20:58 - 2016-04-11 21:05 - 0078801 _____ () C:\Users\Felipe\AppData\Roaming\inst.lat
2016-04-11 20:58 - 2016-04-11 21:06 - 0015408 _____ () C:\Users\Felipe\AppData\Roaming\InstallationConfiguration.xml
2016-04-11 20:58 - 2016-04-11 21:05 - 0127488 _____ () C:\Users\Felipe\AppData\Roaming\Installer.dat
2016-04-11 21:03 - 2016-04-11 20:58 - 1015808 _____ () C:\Users\Felipe\AppData\Roaming\Istansoft.exe
2016-04-11 21:03 - 2016-04-11 21:03 - 0072699 _____ () C:\Users\Felipe\AppData\Roaming\Istansoft.tst
2016-04-11 21:03 - 2016-04-11 21:09 - 0126464 _____ () C:\Users\Felipe\AppData\Roaming\lobby.dat
2016-04-11 21:04 - 2016-04-11 21:10 - 0018432 _____ () C:\Users\Felipe\AppData\Roaming\Main.dat
2016-04-11 21:03 - 2016-04-11 21:10 - 0005568 _____ () C:\Users\Felipe\AppData\Roaming\md.xml
2016-04-11 21:22 - 2016-04-01 14:51 - 1917952 _____ () C:\Users\Felipe\AppData\Roaming\msiql.exe
2016-04-11 21:04 - 2016-04-11 21:10 - 0126464 _____ () C:\Users\Felipe\AppData\Roaming\noah.dat
2016-04-11 21:13 - 2016-04-11 21:13 - 0000030 _____ () C:\Users\Felipe\AppData\Roaming\Selection Tools.installation.log
2016-04-11 21:04 - 2016-03-31 11:32 - 1747456 _____ () C:\Users\Felipe\AppData\Roaming\service.exe
2016-04-11 21:09 - 2016-04-11 22:55 - 2767872 _____ (TODO: ) C:\Users\Felipe\AppData\Roaming\svrupg.exe
2016-04-11 21:11 - 2016-04-11 21:11 - 0001150 _____ () C:\Users\Felipe\AppData\Roaming\uninstall_temp.ico
2016-04-11 21:23 - 2016-04-11 21:23 - 0016815 _____ () C:\Users\Felipe\AppData\Roaming\webad.xml
2016-04-11 21:05 - 2016-04-11 21:05 - 0000194 _____ () C:\Users\Felipe\AppData\Roaming\WindApp.boostrap.log
2016-04-11 21:09 - 2016-04-11 21:12 - 0000060 _____ () C:\Users\Felipe\AppData\Roaming\WindApp.installation.log
2016-04-11 20:59 - 2015-12-10 15:43 - 0600312 _____ () C:\Users\Felipe\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe
2016-04-11 21:26 - 2016-04-11 21:26 - 0333506 _____ (AnySend.com) C:\Users\Felipe\AppData\Local\nsd50EB.tmp
2016-04-11 21:24 - 2016-04-11 21:23 - 0333506 _____ (AnySend.com) C:\Users\Felipe\AppData\Local\nss1A90.tmp
2016-01-25 18:15 - 2016-01-25 18:15 - 0000000 _____ () C:\Users\Felipe\AppData\Local\{9934DA03-AC93-4457-AA6F-A2D2584B89A6}
2016-04-11 21:12 - 2016-02-24 06:18 - 1085440 _____ () C:\ProgramData\delCalendarReg.exe
2016-04-11 21:14 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-04-11 21:10 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-04-11 21:08 - 2016-04-01 14:51 - 1917952 _____ () C:\ProgramData\msiql.exe
2016-04-11 21:04 - 2016-03-31 11:32 - 1747456 _____ () C:\ProgramData\service.exe
2016-04-11 21:09 - 2016-04-11 22:55 - 0016815 _____ () C:\ProgramData\webad.xml
Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\delCalendarReg.exe
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\msiql.exe
C:\ProgramData\service.exe
C:\Users\Todos os Usuários\delCalendarReg.exe
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\service.exe
Alguns arquivos em TEMP:
====================
C:\Users\Felipe\AppData\Local\Temp\3Q3U9IOLXS.exe
C:\Users\Felipe\AppData\Local\Temp\9KFHQDTUOH.exe
C:\Users\Felipe\AppData\Local\Temp\9X15OZJFR2.exe
C:\Users\Felipe\AppData\Local\Temp\AO0LQDKOIU.exe
C:\Users\Felipe\AppData\Local\Temp\Browser_V5.6.11466.7_r_4728_(Build1603281525).exe
C:\Users\Felipe\AppData\Local\Temp\J9QPOTKCQ5.exe
C:\Users\Felipe\AppData\Local\Temp\JKFARMJCDJ.exe
C:\Users\Felipe\AppData\Local\Temp\JRAVLQTTW7.exe
C:\Users\Felipe\AppData\Local\Temp\P20LZMRT8Q.exe
==================== Bamital & volsnap =================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2016-04-08 09:12
==================== Fim de FRST.txt ============================
Executado por Felipe (administrador) em FELIPE-PC (12-04-2016 16:15:16)
Executando a partir de C:\Users\Felipe\Desktop
Perfis Carregados: Felipe (Perfis Disponíveis: Felipe)
Platform: Microsoft Windows 7 Ultimate (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão não detectado!)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\ProgramData\AppxedtatS\AppxedtatS.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Users\Felipe\AppData\Roaming\Uvulgi\Uvulgi.exe
() C:\Users\Felipe\AppData\Roaming\Uvulgi\Awabtocuce.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
() C:\Users\Felipe\AppData\Roaming\ExukNirji\Topexiud.exe
() C:\Users\Felipe\AppData\Roaming\Ufyakq\Ufyakq.exe
() C:\Users\Felipe\AppData\Roaming\Ufyakq\Monav.exe
() C:\Users\Felipe\AppData\Roaming\Yacoifbaz\Yacoifbaz.exe
() C:\Users\Felipe\AppData\Roaming\Yacoifbaz\Moasco.exe
(DotC United Inc) C:\Program Files\MPC Cleaner\MPCTray.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\Users\Felipe\AppData\Roaming\ByueCura\Zojhipk.exe
() C:\Users\Felipe\AppData\Local\Apps\2.0\abril.exe
() C:\Users\Felipe\AppData\Roaming\Asapg\Asapg.exe
() C:\Users\Felipe\AppData\Roaming\Asapg\Etunkahmay.exe
() C:\Users\Felipe\AppData\Roaming\EooripFogg\Loasci.exe
() C:\Users\Felipe\AppData\Roaming\HucinFidbozi\Aidoafic.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(© 2015 Microsoft Corporation) C:\Users\Felipe\AppData\Local\Microsoft\BingSvc\BingSvc.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
() C:\ProgramData\msiql.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\ProgramData\DCHP\DCHP.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
==================== Registro (Whitelisted) ===========================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] ()
HKLM\...\Run: [HomePageHelper] => c:\users\felipe\appdata\roaming\homepage.exe [1100288 2015-11-25] ()
HKLM\...\RunOnce: [WINDOWS_SCREEN_MANAGER_UPDATER_1] => C:\Program Files\Windows Screen Manager\Windows screen manage updater.exe [16896 2016-04-11] (Wizzservices)
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [GoogleChromeAutoLaunch_3598036481B262A4AE210A3CE1B03E37] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [BingSvc] => C:\Users\Felipe\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-04] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [YeaInstaller] => C:\Users\Felipe\AppData\Local\Temp\56AG92J7J\56AG92J7J.exe <===== ATENÇÃO
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2055168 2016-04-07] ()
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [Pritc] => C:\Users\Felipe\AppData\Local\Temp\is-NB6G5.tmp\print.exe <===== ATENÇÃO
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [msiql] => C:\ProgramData\msiql.exe [1917952 2016-04-01] ()
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\MountPoints2: {fd7fcc6b-8734-11e5-bbfd-5cc9d3f60713} - G:\Setup.exe
AppInit_DLLs: C:\ProgramData\AppxedtatS\Finla.dll => C:\ProgramData\AppxedtatS\Finla.dll [257536 2016-04-12] ()
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Winsock: Catalog5 08 C:\ProgramData\System32\SafeGuard32.dll [2771896 2016-04-11] ()
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 20.23.52.1
Tcpip\..\Interfaces\{233DCDF9-EE70-4DDA-8B47-9E79C55F720E}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{74C38BCE-6413-4354-99B8-5C3A5F3C6E3D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{AC94A06A-36E7-4BA2-895E-460B2BD69B93}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{E45AACF7-B072-4B6F-8227-A7832D843F2A}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{E45AACF7-B072-4B6F-8227-A7832D843F2A}: [DhcpNameServer] 20.23.52.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=br
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo=br
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms}
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms}
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms}
HKU\S-1-5-21-3498507567-1271723686-615099086-1000\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=br
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms}
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
SearchScopes: HKU\S-1-5-21-3498507567-1271723686-615099086-1000 -> {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.mpc.am/index/search?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968&ie=UTF-8
SearchScopes: HKU\S-1-5-21-3498507567-1271723686-615099086-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
SearchScopes: HKU\S-1-5-21-3498507567-1271723686-615099086-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: hxxp://www.hohosearch.com/?ts=AHEqA3EmAHUmCE..&v=20160409&uid=19E5649E23490F96CBB81A1ADCAB55FC&ptid=clc&mode=ffseng
FF DefaultSearchEngine: hohosearch
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=hohosearch
FF SelectedSearchEngine: hohosearch
FF Homepage: search.mpc.am/?geo=br
FF Keyword.URL: hxxp://www.hohosearch.com/chrome.php?uid=19E5649E23490F96CBB81A1ADCAB55FC&ptid=ftp&ts=AHEqA3EmAHYlBE..&v=20160409&mode=ffexttoolbar&q=
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF user.js: detected! => C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\user.js [2016-04-11]
FF user.js: detected! => C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p8sxnvxd.default-1460421532074\user.js [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\searchplugins\.xml [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\searchplugins\DD1B66D4.xml [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\searchplugins\navegaki.xml [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p8sxnvxd.default-1460421532074\searchplugins\DD1B66D4.xml [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\.xml [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-04-11]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\findit.xml [2016-04-12]
FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\navegaki.xml [2016-04-11]
FF Extension: Quick Searcher - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-11] [não assinado]
FF Extension: Adblock Plus - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-31]
FF Extension: Quick Searcher - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\Extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-11] [não assinado]
FF Extension: GsearchFinder - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-04-09]
FF Extension: Adblock Plus - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-31]
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://vosteran.com/?f=7&a=vst_ggfc_15_04_ch&cd=2XzuyEtN2Y1L1QzuyD0C0Czy0DtA0FyCtDyBtCtAtAtC0AyCtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0DtAtA0AyD0DyBtGtA0CzztBtG0AyB0F0CtG0CyD0EzztGtBzzzy0C0AyByC0DyBtCzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BzztByB0FzzzztGyDyBtCzytGyEzz0B0EtG0AtAtDtDtGtAtC0BtAzztB0EtD0DtB0Fzz2Q&cr=936708617&ir=","hxxp://binkiland.com/?f=7&a=bnk_cmi_15_08&cd=2XzuyEtN2Y1L1QzuyD0C0Czy0DtA0FyCtDyBtCtAtAtC0AyCtN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyEzzyBtBtDtBtBtGzztD0AtAtGtD0CyB0AtGyD0BtCyEtGyBtCtCtA0F0A0FzzyE0DtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BzztByB0FzzzztGyDyBtCzytGyEzz0B0EtG0AtAtDtDtGtAtC0BtAzztB0EtD0DtB0Fzz2Q&cr=29741416&ir=","hxxp://do-search.com/?type=hp&ts=1430666171&from=cor&uid=ST500DM002-1BD142_6VMXMYXBXXXX6VMXMYXB","hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxi01_15_19¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEzzyB0F0C0E0CyCyEyB0FyDtDyD0AtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFyDtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0C0FzytCyCtGzyyCtCzytGyCzytAtAtGzy0AyEtCtGyBtAtAyE0EyC0A0CyDtD0C0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtC0D0EtCyDyE0FtG0CyCtB0CtGyE0B0E0DtGzytAzy0DtGyD0EtC0F0CtAtCyE0Ezz0E0F2QtN0A0LzuyE%26cr%3D603851012%26a%3Dwncy_bxi01_15_19%26os%3DWindows 7 Ultimate","hxxp://www.hohosearch.com/?mode=nnnb&ptid=icb&uid=1FA9805588624C02F20396D1664F0444&v=20160409&ts=AHEqA3ElC3UmAE..","hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=3d2334dc21396b6d674d81cdd87fca66"
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kt7Wn_ZnG5f1_OnM8U6o5-4oQ7_nJ5sWBjq1mH6bFAt53S0HpS7xRZW9-nK-ZjznTbsfg8-kWNf3xFkhej8OA0erj9o,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-10]
CHR Extension: (Google Drive) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]
CHR Extension: (YouTube) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]
CHR Extension: (Google Search) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Planilhas do Google) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-10]
CHR Extension: (Documentos Google off-line) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKU\S-1-5-21-3498507567-1271723686-615099086-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [593376 2013-04-11] (Intel Corporation)
R2 AppxedtatS; C:\ProgramData\\AppxedtatS\\AppxedtatS.exe [692736 2016-04-12] () [Arquivo não assinado]
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512 2011-11-21] (ASUS)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437784 2016-04-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-07] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files\BlueStacks\HD-Plus-Service.exe [433688 2016-04-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [921112 2016-04-07] (BlueStack Systems, Inc.)
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-09-12] (Intel(R) Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 Cadidovpen; C:\Users\Felipe\AppData\Roaming\Uvulgi\Uvulgi.exe [174440 2016-04-11] ()
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [1015808 2016-04-11] () [Arquivo não assinado]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation)
R2 DCHP; C:\ProgramData\\DCHP\\DCHP.exe [400384 2016-04-12] () [Arquivo não assinado]
R2 Deibj; C:\Users\Felipe\AppData\Roaming\ExukNirji\Topexiud.exe [125800 2016-04-11] ()
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [383640 2015-09-14] ()
R2 Gepmed; C:\Users\Felipe\AppData\Roaming\Ufyakq\Ufyakq.exe [174472 2016-04-11] () [Arquivo não assinado]
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [922928 2015-11-12] (NVIDIA Corporation)
R2 Gitmibfit; C:\Users\Felipe\AppData\Roaming\Yacoifbaz\Yacoifbaz.exe [174432 2016-04-11] ()
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1747456 2016-03-31] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\Users\Felipe\AppData\Roaming\svrupg.exe [2767872 2016-04-11] (TODO: ) [Arquivo não assinado]
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [274024 2015-06-04] (Intel Corporation)
S2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-04-11] (DotC United Inc)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-05-08] ()
S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6288688 2015-11-12] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4611888 2015-11-12] (NVIDIA Corporation)
R2 Ooucanut; C:\Users\Felipe\AppData\Roaming\ByueCura\Zojhipk.exe [125800 2016-04-11] ()
R2 ProntSpooler; C:\Users\Felipe\AppData\Local\Apps\2.0\abril.exe [124928 2016-04-07] () [Arquivo não assinado]
R2 Pulfoizl; C:\Users\Felipe\AppData\Roaming\Asapg\Asapg.exe [174440 2016-04-11] ()
R2 Sukdadp; C:\Users\Felipe\AppData\Roaming\EooripFogg\Loasci.exe [125832 2016-04-11] () [Arquivo não assinado]
S3 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-09-14] ()
R2 Torcepx; C:\Users\Felipe\AppData\Roaming\HucinFidbozi\Aidoafic.exe [125792 2016-04-11] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [383640 2015-09-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S3 XBox; C:\Users\Felipe\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2530032 2013-05-08] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R3 AiCharger; C:\Windows\System32\DRIVERS\AiCharger.sys [14720 2012-05-07] (ASUSTek Computer Inc.)
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112608 2013-04-11] (Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [112608 2013-04-11] (Windows (R) Win 7 DDK provider)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2910720 2015-04-12] (Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [14464 2011-09-07] (ASUS)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [140856 2016-04-07] (BlueStack Systems)
R2 BstkDrv; C:\Program Files\BlueStacks\BstkDrv.sys [220216 2016-04-06] (Bluestack System Inc. )
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [62272 2016-04-11] (Cherimoya Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2015-11-09] (DT Soft Ltd)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [15680 2012-05-21] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [350016 2012-05-21] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793920 2012-05-21] (Intel Corporation)
R0 MPCBase; C:\Windows\System32\drivers\MPCBase.sys [29032 2016-04-11] (DotC United Inc)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [52968 2016-04-11] (DotC United Inc)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [26928 2015-11-05] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18736 2015-11-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44840 2015-11-05] (NVIDIA Corporation)
R2 Proteq; C:\Windows\system32\Drivers\Proteq.sys [7598 2014-06-23] (PROTEQ) [Arquivo não assinado]
R3 RSBASTOR; C:\Windows\System32\DRIVERS\RtsBaStor.sys [219240 2012-02-01] (Realtek Semiconductor Corp.)
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Três Meses Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-04-12 16:15 - 2016-04-12 16:15 - 00000000 ____D C:\FRST
2016-04-12 16:13 - 2016-04-12 16:13 - 00000000 ____D C:\Users\Todos os Usuários\DCHP
2016-04-12 16:13 - 2016-04-12 16:13 - 00000000 ____D C:\ProgramData\DCHP
2016-04-12 16:10 - 2016-04-12 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-04-12 04:24 - 2016-04-12 04:24 - 00000000 ____D C:\Users\Todos os Usuários\AppxedtatSs
2016-04-12 04:24 - 2016-04-12 04:24 - 00000000 ____D C:\ProgramData\AppxedtatSs
2016-04-12 04:23 - 2016-04-12 16:13 - 00000000 ____D C:\Users\Todos os Usuários\AppxedtatS
2016-04-12 04:23 - 2016-04-12 16:13 - 00000000 ____D C:\ProgramData\AppxedtatS
2016-04-11 22:55 - 2016-04-12 04:24 - 00001401 _____ C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-11 22:54 - 2016-04-12 16:10 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-11 22:54 - 2016-04-11 22:54 - 00000678 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-11 22:46 - 2016-04-11 22:47 - 00000354 _____ C:\Windows\Tasks\MPC AdCleaner.job
2016-04-11 22:46 - 2016-04-11 22:47 - 00000000 ____D C:\Program Files\MPC AdCleaner
2016-04-11 22:46 - 2016-04-11 22:46 - 00001821 _____ C:\Users\Felipe\Desktop\MPC AdCleaner.lnk
2016-04-11 22:46 - 2016-04-11 22:46 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
2016-04-11 22:44 - 2016-04-11 22:44 - 00000000 ____D C:\Program Files\SunnyDayApps
2016-04-11 22:44 - 2016-04-11 22:44 - 00000000 ____D C:\Program Files\rec_en_251
2016-04-11 22:41 - 2016-04-11 22:41 - 00000000 ____D C:\Program Files\Windows Screen Manager
2016-04-11 22:33 - 2016-04-11 22:33 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\MCorp
2016-04-11 22:28 - 2016-04-12 16:10 - 00001687 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-04-11 22:08 - 2016-04-11 22:09 - 00000000 ____D C:\Program Files\NewExt
2016-04-11 22:07 - 2016-04-11 22:07 - 00000000 ____D C:\Users\Todos os Usuários\115792b6-7e71-1
2016-04-11 22:07 - 2016-04-11 22:07 - 00000000 ____D C:\ProgramData\115792b6-7e71-1
2016-04-11 22:03 - 2016-04-11 22:38 - 00489916 _____ C:\Windows\ntbtlog.txt
2016-04-11 22:00 - 2016-04-11 22:00 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Uvulgi
2016-04-11 22:00 - 2016-04-11 22:00 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\ExukNirji
2016-04-11 21:51 - 2016-04-11 22:00 - 00062272 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-04-11 21:50 - 2016-04-11 21:50 - 00000000 ____D C:\Users\Felipe\Mozilla
2016-04-11 21:49 - 2016-04-11 21:49 - 00011426 _____ C:\Users\Felipe\Desktop\Addition.txt
2016-04-11 21:45 - 2016-04-12 16:16 - 00024955 _____ C:\Users\Felipe\Desktop\FRST.txt
2016-04-11 21:44 - 2016-04-11 21:44 - 01725952 _____ (Farbar) C:\Users\Felipe\Desktop\FRST.exe
2016-04-11 21:41 - 2016-04-11 21:50 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\UPUpdata
2016-04-11 21:39 - 2016-04-11 21:39 - 00000801 _____ C:\Windows\system32\${LOGFILE}
2016-04-11 21:38 - 2016-04-11 21:38 - 00000000 ____D C:\Users\Felipe\Desktop\Dados anteriores do Firefox
2016-04-11 21:32 - 2016-04-11 22:28 - 00000000 ____D C:\Program Files\MPC Cleaner
2016-04-11 21:32 - 2016-04-11 21:47 - 00000000 ____D C:\Users\Todos os Usuários\System32
2016-04-11 21:32 - 2016-04-11 21:47 - 00000000 ____D C:\ProgramData\System32
2016-04-11 21:32 - 2016-04-11 21:32 - 00052968 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-04-11 21:32 - 2016-04-11 21:32 - 00029032 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCBase.sys
2016-04-11 21:28 - 2016-04-11 21:28 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\ByueCura
2016-04-11 21:28 - 2016-04-11 21:28 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Asapg
2016-04-11 21:26 - 2016-04-11 21:26 - 00333506 _____ (AnySend.com) C:\Users\Felipe\AppData\Local\nsd50EB.tmp
2016-04-11 21:25 - 2016-04-11 21:25 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\XBox
2016-04-11 21:24 - 2016-04-11 21:34 - 00000000 ____D C:\Program Files\Hostify
2016-04-11 21:24 - 2016-04-11 21:24 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-04-11 21:24 - 2016-04-11 21:24 - 00000000 ____D C:\Users\Todos os Usuários\baidu
2016-04-11 21:24 - 2016-04-11 21:24 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Baidu
2016-04-11 21:24 - 2016-04-11 21:24 - 00000000 ____D C:\ProgramData\baidu
2016-04-11 21:24 - 2016-04-11 21:23 - 00333506 _____ (AnySend.com) C:\Users\Felipe\AppData\Local\nss1A90.tmp
2016-04-11 21:24 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Felipe\AppData\Roaming\delCalendarReg.exe
2016-04-11 21:23 - 2016-04-11 21:23 - 00016815 _____ C:\Users\Felipe\AppData\Roaming\webad.xml
2016-04-11 21:23 - 2016-04-11 21:23 - 00001926 ____R C:\Users\Felipe\Desktop\Yeabeats Browser.lnk
2016-04-11 21:22 - 2016-04-01 14:51 - 01917952 _____ C:\Users\Felipe\AppData\Roaming\msiql.exe
2016-04-11 21:22 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Felipe\AppData\Roaming\HomePage.exe
2016-04-11 21:20 - 2016-04-11 21:20 - 00000286 __RSH C:\Users\Felipe\ntuser.pol
2016-04-11 21:14 - 2016-04-11 21:42 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\cpuminer
2016-04-11 21:14 - 2016-04-11 21:14 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\gplyra
2016-04-11 21:14 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2016-04-11 21:14 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-04-11 21:13 - 2016-04-11 21:13 - 00196608 _____ C:\Windows\kaz.exe
2016-04-11 21:13 - 2016-04-11 21:13 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-04-11 21:13 - 2016-04-11 21:13 - 00000000 ____D C:\ProgramData\Windows Update
2016-04-11 21:12 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Todos os Usuários\delCalendarReg.exe
2016-04-11 21:12 - 2016-02-24 06:18 - 01085440 _____ C:\ProgramData\delCalendarReg.exe
2016-04-11 21:11 - 2016-04-11 21:11 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Ufyakq
2016-04-11 21:11 - 2016-04-11 21:11 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\EooripFogg
2016-04-11 21:10 - 2016-04-11 21:21 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\LightGate
2016-04-11 21:10 - 2016-04-11 21:10 - 01626416 _____ C:\Users\Felipe\AppData\Roaming\Don-Stock.tst
2016-04-11 21:10 - 2016-04-11 21:05 - 01015808 _____ C:\Users\Felipe\AppData\Roaming\Don-Stock.exe
2016-04-11 21:10 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2016-04-11 21:10 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-04-11 21:09 - 2016-04-11 22:55 - 02767872 _____ (TODO: ) C:\Users\Felipe\AppData\Roaming\svrupg.exe
2016-04-11 21:09 - 2016-04-11 22:55 - 00016815 _____ C:\Users\Todos os Usuários\webad.xml
2016-04-11 21:09 - 2016-04-11 22:55 - 00016815 _____ C:\ProgramData\webad.xml
2016-04-11 21:09 - 2016-04-11 21:39 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Nosibay
2016-04-11 21:09 - 2016-04-11 21:09 - 00072699 _____ C:\Users\Felipe\AppData\Roaming\DuoCanlight.tst
2016-04-11 21:09 - 2016-04-11 21:05 - 01015808 _____ C:\Users\Felipe\AppData\Roaming\DuoCanlight.exe
2016-04-11 21:08 - 2016-04-11 21:08 - 00848437 _____ C:\Users\Felipe\AppData\Roaming\Holdtam.bin
2016-04-11 21:08 - 2016-04-11 21:08 - 00000000 ____D C:\Users\Felipe\AppData\Local\Setup Wizard
2016-04-11 21:08 - 2016-04-11 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WNetworkEn
2016-04-11 21:08 - 2016-04-01 14:51 - 01917952 _____ C:\Users\Todos os Usuários\msiql.exe
2016-04-11 21:08 - 2016-04-01 14:51 - 01917952 _____ C:\ProgramData\msiql.exe
2016-04-11 21:07 - 2016-04-11 21:29 - 00000000 ____D C:\Users\Felipe\AppData\Local\00000236-1460408863-8000-FFFF-40167EA038C9
2016-04-11 21:07 - 2016-04-11 21:07 - 00000000 ____D C:\Users\Felipe\AppData\Local\rec_en_251
2016-04-11 21:06 - 2016-04-12 04:24 - 00002405 _____ C:\Windows\system32\findit.xml
2016-04-11 21:06 - 2016-04-11 21:06 - 00000000 ____D C:\Users\Todos os Usuários\Statdexs
2016-04-11 21:06 - 2016-04-11 21:06 - 00000000 ____D C:\ProgramData\Statdexs
2016-04-11 21:06 - 2016-04-11 21:00 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-04-11 21:05 - 2016-04-11 22:14 - 00000000 ____D C:\Users\Todos os Usuários\Statdex
2016-04-11 21:05 - 2016-04-11 22:14 - 00000000 ____D C:\ProgramData\Statdex
2016-04-11 21:05 - 2016-04-11 22:00 - 00000000 ____D C:\Users\Felipe\AppData\Local\Tempfolder
2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Yacoifbaz
2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\HucinFidbozi
2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\Users\Felipe\AppData\LocalLow\Company
2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\Users\Felipe\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\uninst
2016-04-11 21:04 - 2016-04-11 21:10 - 06504960 _____ C:\Users\Felipe\AppData\Roaming\agent.dat
2016-04-11 21:04 - 2016-04-11 21:10 - 00126464 _____ C:\Users\Felipe\AppData\Roaming\noah.dat
2016-04-11 21:04 - 2016-04-11 21:10 - 00065424 _____ C:\Users\Felipe\AppData\Roaming\Config.xml
2016-04-11 21:04 - 2016-04-11 21:10 - 00018432 _____ C:\Users\Felipe\AppData\Roaming\Main.dat
2016-04-11 21:04 - 2016-04-11 21:04 - 01626416 _____ C:\Users\Felipe\AppData\Roaming\Hat-Fax.tst
2016-04-11 21:04 - 2016-04-11 20:58 - 01015808 _____ C:\Users\Felipe\AppData\Roaming\Hat-Fax.exe
2016-04-11 21:04 - 2016-03-31 11:32 - 01747456 _____ C:\Users\Todos os Usuários\service.exe
2016-04-11 21:04 - 2016-03-31 11:32 - 01747456 _____ C:\Users\Felipe\AppData\Roaming\service.exe
2016-04-11 21:04 - 2016-03-31 11:32 - 01747456 _____ C:\ProgramData\service.exe
2016-04-11 21:03 - 2016-04-12 04:23 - 00000000 ____D C:\Users\Todos os Usuários\CloudPrinter
2016-04-11 21:03 - 2016-04-12 04:23 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-04-11 21:03 - 2016-04-11 21:41 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-04-11 21:03 - 2016-04-11 21:41 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-04-11 21:03 - 2016-04-11 21:10 - 00005568 _____ C:\Users\Felipe\AppData\Roaming\md.xml
2016-04-11 21:03 - 2016-04-11 21:09 - 00126464 _____ C:\Users\Felipe\AppData\Roaming\lobby.dat
2016-04-11 21:03 - 2016-04-11 21:09 - 00054272 _____ C:\Users\Felipe\AppData\Roaming\ApplicationHosting.dat
2016-04-11 21:03 - 2016-04-11 21:03 - 00072699 _____ C:\Users\Felipe\AppData\Roaming\Istansoft.tst
2016-04-11 21:03 - 2016-04-11 20:58 - 01015808 _____ C:\Users\Felipe\AppData\Roaming\Istansoft.exe
2016-04-11 21:01 - 2016-04-11 21:01 - 00848437 _____ C:\Users\Felipe\AppData\Roaming\Doubleis.bin
2016-04-11 21:00 - 2016-04-11 21:00 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-04-11 21:00 - 2016-04-11 21:00 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-04-11 20:59 - 2015-12-10 15:43 - 00600312 _____ C:\Users\Felipe\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe
2016-04-11 20:58 - 2016-04-11 21:06 - 00015408 _____ C:\Users\Felipe\AppData\Roaming\InstallationConfiguration.xml
2016-04-11 20:58 - 2016-04-11 21:05 - 00127488 _____ C:\Users\Felipe\AppData\Roaming\Installer.dat
2016-04-11 20:58 - 2016-04-11 21:05 - 00078801 _____ C:\Users\Felipe\AppData\Roaming\inst.lat
2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\Users\Todos os Usuários\115792b6-2b57-0
2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\Users\Todos os Usuários\115792b6-1b75-1
2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\Users\Felipe\AppData\Local\csdi_monetize_220160408
2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\ProgramData\115792b6-2b57-0
2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\ProgramData\115792b6-1b75-1
2016-04-11 20:57 - 2016-04-11 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioVideoKit
2016-04-11 20:57 - 2016-04-11 20:57 - 00000000 ____D C:\Users\Felipe\AppData\Local\csdi_monetize_120160408
2016-04-11 20:56 - 2016-04-11 20:56 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\FreeVPN
2016-04-11 20:56 - 2016-04-11 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free VPN
2016-04-11 20:55 - 2016-04-11 20:55 - 00000668 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-04-11 20:55 - 2016-04-11 20:55 - 00000668 __RSH C:\ProgramData\ntuser.pol
2016-04-11 20:54 - 2016-04-11 22:02 - 00000000 ____D C:\Users\Felipe\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-11 20:54 - 2016-04-11 21:42 - 00000000 ____D C:\Program Files\Screenify
2016-04-11 20:53 - 2016-04-11 20:54 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-11 20:52 - 2016-04-11 21:13 - 15793935 _____ C:\Users\Felipe\Downloads\asus-x53u-web-camera-driver
2016-04-10 22:44 - 2011-03-09 20:07 - 06332520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\rtsuvc.sys
2016-04-10 22:32 - 2016-04-10 22:32 - 00031832 _____ (Phoenix Technologies) C:\Windows\system32\Drivers\DrvAgent32.sys
2016-04-10 22:32 - 2016-04-10 22:32 - 00000000 ____D C:\Users\Felipe\AppData\Local\eSupport.com
2016-04-10 22:32 - 2016-04-10 22:32 - 00000000 ____D C:\Program Files\eSupport.com
2016-04-10 16:11 - 2016-04-10 16:28 - 00000000 ____D C:\Users\Felipe\Downloads\Martinho da Vila - Definitivo
2016-04-10 12:34 - 2016-04-10 13:36 - 00000000 ____D C:\Users\Felipe\Downloads\Quim Barreiros - Dar ao Apito 2012
2016-04-10 11:34 - 2016-04-10 12:01 - 00000000 ____D C:\Users\Felipe\Downloads\QUIM BARREIROS
2016-04-08 11:05 - 2016-04-08 11:05 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Macromedia
2016-04-08 11:05 - 2016-04-08 11:05 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Adobe
2016-04-08 11:05 - 2016-04-08 11:05 - 00000000 ____D C:\Users\Felipe\AppData\Local\Macromedia
2016-04-08 11:03 - 2016-04-08 11:06 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksGameManager
2016-04-08 11:03 - 2016-04-08 11:06 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-04-08 11:03 - 2016-04-08 11:03 - 00001701 _____ C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-04-08 11:03 - 2016-04-08 11:03 - 00001677 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-04-08 11:00 - 2016-04-08 11:02 - 00000000 ____D C:\Program Files\BlueStacks
2016-04-08 11:00 - 2016-04-08 11:01 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacks
2016-04-08 11:00 - 2016-04-08 11:01 - 00000000 ____D C:\ProgramData\BlueStacks
2016-04-08 10:59 - 2016-04-11 17:17 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksSetup
2016-04-08 10:59 - 2016-04-11 17:17 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-04-08 10:59 - 2016-04-08 10:59 - 00000000 ____D C:\Users\Felipe\AppData\Local\Bluestacks
2016-04-08 10:38 - 2016-04-08 10:38 - 00000000 ____D C:\Users\Felipe\Desktop\RENDER
2016-04-08 10:34 - 2016-04-08 10:55 - 311681768 _____ (BlueStack Systems Inc.) C:\Users\Felipe\Downloads\BlueStacks2_native.exe
2016-04-08 10:30 - 2016-04-08 10:30 - 00000000 ____D C:\Users\Felipe\Desktop\Nova pasta
2016-04-05 12:30 - 2016-04-05 12:30 - 00137728 _____ C:\Windows\9b5e5585d25ad04e83f5891085baf225.exe
2016-03-31 23:01 - 2016-03-31 23:10 - 00000000 ____D C:\Users\Felipe\AppData\Local\Mozilla
2016-03-31 23:01 - 2016-03-31 23:04 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Mozilla
2016-03-31 22:56 - 2016-03-31 22:56 - 00242240 _____ C:\Users\Felipe\Desktop\Firefox Setup Stub 45.0.1.exe
2016-03-28 23:48 - 2016-03-28 23:58 - 13614856 _____ C:\Users\Felipe\Downloads\Another Love (Zwette Edit).m4a
2016-03-16 19:50 - 2016-03-16 19:51 - 00000000 ____D C:\Users\Felipe\Downloads\Drake - Hotline Bling [Hip-Hop & Rap] Single 2015 [iTunes Plus M4A AAC] [UJ.rip]
2016-02-20 16:31 - 2016-02-21 18:14 - 00000000 ____D C:\Users\Felipe\Downloads\Maze Runner The Scorch Trails (2015)
2016-02-10 17:03 - 2016-04-11 16:15 - 00000000 ___SD C:\Users\Felipe\AppData\LocalLow\Temp
2016-02-04 22:35 - 2016-02-12 21:40 - 00000000 ____D C:\Users\Felipe\AppData\Local\NFS Underground 2
2016-02-04 22:34 - 2016-02-04 22:34 - 00001250 _____ C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Need for Speed Underground 2.lnk
2016-02-04 22:34 - 2016-02-04 22:34 - 00001226 _____ C:\Users\Felipe\Desktop\Need for Speed Underground 2.lnk
2016-02-04 22:34 - 2016-02-04 22:34 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-04 22:32 - 2016-02-04 22:32 - 00000000 ____D C:\Program Files\EA GAMES
2016-02-04 18:44 - 2016-02-04 18:44 - 00000000 ____D C:\Users\Felipe\Tracing
2016-02-04 18:39 - 2016-04-11 21:29 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Skype
2016-02-04 18:38 - 2016-03-20 13:15 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-02-04 18:38 - 2016-03-20 13:15 - 00000000 ____D C:\ProgramData\Skype
2016-02-04 18:38 - 2016-02-04 18:39 - 00000000 ___RD C:\Program Files\Skype
2016-02-04 18:38 - 2016-02-04 18:38 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-04 18:38 - 2016-02-04 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-04 18:38 - 2016-02-04 18:38 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-02-01 20:45 - 2016-03-29 00:05 - 00000000 ____D C:\Users\Felipe\Downloads\Water LP _ Exclusive Remix
2016-02-01 20:44 - 2016-02-01 20:44 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\RPEng
2016-02-01 20:44 - 2016-02-01 20:44 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\BitTorrent
2016-02-01 20:43 - 2016-04-11 21:58 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\uTorrent
2016-02-01 15:56 - 2016-02-01 15:56 - 00000000 ____D C:\Users\Felipe\Desktop\jairo
2016-01-26 17:00 - 2016-01-26 17:20 - 2048196608 _____ C:\Users\Felipe\Desktop\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso
2016-01-26 16:55 - 2016-01-26 16:55 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Trimble Connect for SketchUp
2016-01-26 16:54 - 2016-01-26 16:54 - 00002170 _____ C:\Users\Public\Desktop\Style Builder 2016.lnk
2016-01-26 16:54 - 2016-01-26 16:54 - 00002084 _____ C:\Users\Public\Desktop\LayOut 2016.lnk
2016-01-26 16:54 - 2016-01-26 16:54 - 00001999 _____ C:\Users\Public\Desktop\SketchUp 2016.lnk
2016-01-26 16:54 - 2016-01-26 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2016
2016-01-26 16:48 - 2016-01-26 16:50 - 123613456 _____ (Trimble Navigation Limited) C:\Users\Felipe\Desktop\SketchUpMake-pt-BR.exe
2016-01-26 16:47 - 2016-01-26 16:47 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\SketchUp
2016-01-26 16:44 - 2016-01-26 16:44 - 00000000 ____D C:\Users\Todos os Usuários\Reprise
2016-01-26 16:44 - 2016-01-26 16:44 - 00000000 ____D C:\ProgramData\Reprise
2016-01-26 16:43 - 2016-01-26 16:55 - 00000000 ____D C:\Program Files\SketchUp
2016-01-26 16:43 - 2016-01-26 16:43 - 00000000 ____D C:\Users\Todos os Usuários\SketchUp
2016-01-26 16:43 - 2016-01-26 16:43 - 00000000 ____D C:\ProgramData\SketchUp
2016-01-26 16:42 - 2016-01-26 16:42 - 00134710 _____ C:\Users\Felipe\Desktop\gdm_servicos.rbz
2016-01-26 16:39 - 2016-01-26 16:41 - 116578232 _____ (Trimble Navigation Limited) C:\Users\Felipe\Desktop\SketchUpMake-en.exe
2016-01-26 16:21 - 2016-01-26 16:23 - 134043360 _____ (Trimble Navigation Limited) C:\Users\Felipe\Desktop\SketchUpMake-pt-BR-x64.exe
2016-01-25 18:15 - 2016-01-25 18:15 - 00000000 _____ C:\Users\Felipe\AppData\Local\{9934DA03-AC93-4457-AA6F-A2D2584B89A6}
2016-01-15 15:48 - 2016-01-15 15:48 - 00000000 ____D C:\Users\Felipe\Desktop\RENDERS
==================== Três Meses Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-04-12 04:24 - 2015-11-10 18:42 - 00002032 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 04:24 - 2015-11-10 18:42 - 00002026 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-11 23:00 - 2009-07-14 01:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-11 23:00 - 2009-07-14 01:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-11 22:30 - 2015-11-19 19:13 - 00000000 __SHD C:\Users\Felipe\IntelGraphicsProfiles
2016-04-11 21:50 - 2015-11-09 22:08 - 00000000 ____D C:\Users\Felipe\AppData\Local\Apps\2.0
2016-04-11 21:50 - 2015-11-09 21:15 - 00000000 ____D C:\Users\Felipe
2016-04-11 21:24 - 2015-11-09 21:50 - 00000000 ____D C:\Users\Todos os Usuários\Intel
2016-04-11 21:24 - 2015-11-09 21:50 - 00000000 ____D C:\ProgramData\Intel
2016-04-11 21:04 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-04-11 21:03 - 2015-11-09 21:22 - 00000000 ____D C:\Windows\system32\appmgmt
2016-04-11 20:55 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-04-10 22:44 - 2015-11-09 21:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-04-10 22:44 - 2015-11-09 21:56 - 00000000 ____D C:\Program Files\Realtek
2016-04-08 11:02 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-05 14:47 - 2015-11-09 21:19 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-05 14:47 - 2009-07-14 05:31 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2016-04-05 14:47 - 2009-07-14 05:31 - 00147108 _____ C:\Windows\system32\prfc0416.dat
==================== Arquivos na raiz de alguns diretórios =======
2015-11-09 22:09 - 2015-11-09 22:14 - 6420480 _____ () C:\Program Files\GUT8B20.tmp
2016-04-11 21:04 - 2016-04-11 21:10 - 6504960 _____ () C:\Users\Felipe\AppData\Roaming\agent.dat
2016-04-11 21:03 - 2016-04-11 21:09 - 0054272 _____ () C:\Users\Felipe\AppData\Roaming\ApplicationHosting.dat
2016-04-11 21:04 - 2016-04-11 21:05 - 0002467 _____ () C:\Users\Felipe\AppData\Roaming\Bubble Dock.boostrap.log
2016-04-11 21:08 - 2016-04-11 21:10 - 0002219 _____ () C:\Users\Felipe\AppData\Roaming\Bubble Dock.installation.log
2016-04-11 21:04 - 2016-04-11 21:10 - 0065424 _____ () C:\Users\Felipe\AppData\Roaming\Config.xml
2016-04-11 21:24 - 2016-02-24 06:18 - 1085440 _____ () C:\Users\Felipe\AppData\Roaming\delCalendarReg.exe
2016-04-11 21:10 - 2016-04-11 21:05 - 1015808 _____ () C:\Users\Felipe\AppData\Roaming\Don-Stock.exe
2016-04-11 21:10 - 2016-04-11 21:10 - 1626416 _____ () C:\Users\Felipe\AppData\Roaming\Don-Stock.tst
2016-04-11 21:01 - 2016-04-11 21:01 - 0848437 _____ () C:\Users\Felipe\AppData\Roaming\Doubleis.bin
2016-04-11 21:09 - 2016-04-11 21:05 - 1015808 _____ () C:\Users\Felipe\AppData\Roaming\DuoCanlight.exe
2016-04-11 21:09 - 2016-04-11 21:09 - 0072699 _____ () C:\Users\Felipe\AppData\Roaming\DuoCanlight.tst
2016-04-11 21:04 - 2016-04-11 20:58 - 1015808 _____ () C:\Users\Felipe\AppData\Roaming\Hat-Fax.exe
2016-04-11 21:04 - 2016-04-11 21:04 - 1626416 _____ () C:\Users\Felipe\AppData\Roaming\Hat-Fax.tst
2016-04-11 21:08 - 2016-04-11 21:08 - 0848437 _____ () C:\Users\Felipe\AppData\Roaming\Holdtam.bin
2016-04-11 21:22 - 2015-11-25 15:31 - 1100288 _____ () C:\Users\Felipe\AppData\Roaming\HomePage.exe
2016-04-11 20:58 - 2016-04-11 21:05 - 0078801 _____ () C:\Users\Felipe\AppData\Roaming\inst.lat
2016-04-11 20:58 - 2016-04-11 21:06 - 0015408 _____ () C:\Users\Felipe\AppData\Roaming\InstallationConfiguration.xml
2016-04-11 20:58 - 2016-04-11 21:05 - 0127488 _____ () C:\Users\Felipe\AppData\Roaming\Installer.dat
2016-04-11 21:03 - 2016-04-11 20:58 - 1015808 _____ () C:\Users\Felipe\AppData\Roaming\Istansoft.exe
2016-04-11 21:03 - 2016-04-11 21:03 - 0072699 _____ () C:\Users\Felipe\AppData\Roaming\Istansoft.tst
2016-04-11 21:03 - 2016-04-11 21:09 - 0126464 _____ () C:\Users\Felipe\AppData\Roaming\lobby.dat
2016-04-11 21:04 - 2016-04-11 21:10 - 0018432 _____ () C:\Users\Felipe\AppData\Roaming\Main.dat
2016-04-11 21:03 - 2016-04-11 21:10 - 0005568 _____ () C:\Users\Felipe\AppData\Roaming\md.xml
2016-04-11 21:22 - 2016-04-01 14:51 - 1917952 _____ () C:\Users\Felipe\AppData\Roaming\msiql.exe
2016-04-11 21:04 - 2016-04-11 21:10 - 0126464 _____ () C:\Users\Felipe\AppData\Roaming\noah.dat
2016-04-11 21:13 - 2016-04-11 21:13 - 0000030 _____ () C:\Users\Felipe\AppData\Roaming\Selection Tools.installation.log
2016-04-11 21:04 - 2016-03-31 11:32 - 1747456 _____ () C:\Users\Felipe\AppData\Roaming\service.exe
2016-04-11 21:09 - 2016-04-11 22:55 - 2767872 _____ (TODO: ) C:\Users\Felipe\AppData\Roaming\svrupg.exe
2016-04-11 21:11 - 2016-04-11 21:11 - 0001150 _____ () C:\Users\Felipe\AppData\Roaming\uninstall_temp.ico
2016-04-11 21:23 - 2016-04-11 21:23 - 0016815 _____ () C:\Users\Felipe\AppData\Roaming\webad.xml
2016-04-11 21:05 - 2016-04-11 21:05 - 0000194 _____ () C:\Users\Felipe\AppData\Roaming\WindApp.boostrap.log
2016-04-11 21:09 - 2016-04-11 21:12 - 0000060 _____ () C:\Users\Felipe\AppData\Roaming\WindApp.installation.log
2016-04-11 20:59 - 2015-12-10 15:43 - 0600312 _____ () C:\Users\Felipe\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe
2016-04-11 21:26 - 2016-04-11 21:26 - 0333506 _____ (AnySend.com) C:\Users\Felipe\AppData\Local\nsd50EB.tmp
2016-04-11 21:24 - 2016-04-11 21:23 - 0333506 _____ (AnySend.com) C:\Users\Felipe\AppData\Local\nss1A90.tmp
2016-01-25 18:15 - 2016-01-25 18:15 - 0000000 _____ () C:\Users\Felipe\AppData\Local\{9934DA03-AC93-4457-AA6F-A2D2584B89A6}
2016-04-11 21:12 - 2016-02-24 06:18 - 1085440 _____ () C:\ProgramData\delCalendarReg.exe
2016-04-11 21:14 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-04-11 21:10 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-04-11 21:08 - 2016-04-01 14:51 - 1917952 _____ () C:\ProgramData\msiql.exe
2016-04-11 21:04 - 2016-03-31 11:32 - 1747456 _____ () C:\ProgramData\service.exe
2016-04-11 21:09 - 2016-04-11 22:55 - 0016815 _____ () C:\ProgramData\webad.xml
Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\delCalendarReg.exe
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\msiql.exe
C:\ProgramData\service.exe
C:\Users\Todos os Usuários\delCalendarReg.exe
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\service.exe
Alguns arquivos em TEMP:
====================
C:\Users\Felipe\AppData\Local\Temp\3Q3U9IOLXS.exe
C:\Users\Felipe\AppData\Local\Temp\9KFHQDTUOH.exe
C:\Users\Felipe\AppData\Local\Temp\9X15OZJFR2.exe
C:\Users\Felipe\AppData\Local\Temp\AO0LQDKOIU.exe
C:\Users\Felipe\AppData\Local\Temp\Browser_V5.6.11466.7_r_4728_(Build1603281525).exe
C:\Users\Felipe\AppData\Local\Temp\J9QPOTKCQ5.exe
C:\Users\Felipe\AppData\Local\Temp\JKFARMJCDJ.exe
C:\Users\Felipe\AppData\Local\Temp\JRAVLQTTW7.exe
C:\Users\Felipe\AppData\Local\Temp\P20LZMRT8Q.exe
==================== Bamital & volsnap =================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2016-04-08 09:12
==================== Fim de FRST.txt ============================