Document format: text/plain


Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:13-04-2016
Executado por Rafael (administrador) em RAFAEL-WIN (14-04-2016 17:28:37)
Executando a partir de C:\Users\Rafael\Downloads
Perfis Carregados: Rafael (Perfis Disponíveis: Rafael)
Platform: Windows 7 Home Premium (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ClaraLabs) C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Ares Development Group) C:\Program Files (x86)\Ares\Ares.exe
(Facebook Inc.) C:\Users\Rafael\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\Rafael\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Control Center\CCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8321568 2009-11-10] (Realtek Semiconductor)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1304296 2012-12-18] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2012-02-27] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [Control Center] => C:\Program Files (x86)\Control Center\CCenter.exe [800256 2010-06-23] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-10-20] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3862440 2016-03-02] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2885704 2016-04-12] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-03-23] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [934400 2013-02-13] (Ares Development Group)
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\...\Run: [Facebook Update] => C:\Users\Rafael\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-11] (Facebook Inc.)
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\...\Run: [BoBrowser] => --no-proxy-server --allow-outdated-plugins --location=0
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50509440 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\...\Run: [BingSvc] => C:\Users\Rafael\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-22] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\...\MountPoints2: {97ee28c5-845e-11e2-b1be-00e04c11d573} - F:\iStudio.exe
Startup: C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d.lnk [2015-11-15]
ShortcutTarget: d.lnk -> C:\Users\Rafael\AppData\Roaming\obX1NvHl7T.exe (Nenhum Arquivo)
Startup: C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\q.lnk [2015-11-05]
ShortcutTarget: q.lnk -> C:\Users\Rafael\AppData\Roaming\obOsEm8cyK.exe (Nenhum Arquivo)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0159A443-52CF-43BC-96CA-C1DAE87B4441}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4B3C77AE-C545-4330-8748-647064431D68}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{667259C2-3C95-4E39-B0EC-CF7680645889}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7C2C8843-2388-4F75-B3E8-6721AF989DC6}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434458572&z=92013894be74101437a4fafgczbc1z7z5wfb0w5mac&from=ient06162&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434458572&z=92013894be74101437a4fafgczbc1z7z5wfb0w5mac&from=ient06162&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423323993&from=pcm&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423323993&from=pcm&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434458572&z=92013894be74101437a4fafgczbc1z7z5wfb0w5mac&from=ient06162&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434458572&z=92013894be74101437a4fafgczbc1z7z5wfb0w5mac&from=ient06162&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423323993&from=pcm&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423323993&from=pcm&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&q={searchTerms}
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1434458572&z=92013894be74101437a4fafgczbc1z7z5wfb0w5mac&from=ient06162&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&q={searchTerms}
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={0E7FF1AE-B841-43D2-BAAF-FD0FA0E1DA8B}&mid=e01b4e1f9cc347d398a2d1a90af53c80-52e8e13b899ac23213cc13d3335893eb7bae2f43&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-09-05 14:42:20&v=4.2.4.155&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434458572&z=92013894be74101437a4fafgczbc1z7z5wfb0w5mac&from=ient06162&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mysearch.avg.com/?cid={0E7FF1AE-B841-43D2-BAAF-FD0FA0E1DA8B}&mid=e01b4e1f9cc347d398a2d1a90af53c80-52e8e13b899ac23213cc13d3335893eb7bae2f43&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915wt&pr=fr&d=2015-09-05 14:42:20&v=4.1.6.294&pid=wtu&sg=&sap=hp
hxxp://www.cceinfo.com.br
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.cceinfo.com.br
HKU\S-1-5-21-2176017839-3122028425-736170288-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1434458572&z=92013894be74101437a4fafgczbc1z7z5wfb0w5mac&from=ient06162&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423323993&from=pcm&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423323993&from=pcm&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&q={searchTerms}
SearchScopes: HKLM -> {E6C1B02B-026C-46A7-BF29-152A4A1C60F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423323993&from=pcm&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423323993&from=pcm&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&q={searchTerms}
SearchScopes: HKLM-x32 -> {667A750D-5D97-49AD-A876-A07EB5C95AB9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2176017839-3122028425-736170288-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0E7FF1AE-B841-43D2-BAAF-FD0FA0E1DA8B}&mid=e01b4e1f9cc347d398a2d1a90af53c80-52e8e13b899ac23213cc13d3335893eb7bae2f43&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-09-05 14:42:20&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2176017839-3122028425-736170288-1001 -> {667A750D-5D97-49AD-A876-A07EB5C95AB9} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2176017839-3122028425-736170288-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcm&utm_campaign=install_ie&utm_content=ds&from=pcm&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&ts=1423324085&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2176017839-3122028425-736170288-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0E7FF1AE-B841-43D2-BAAF-FD0FA0E1DA8B}&mid=e01b4e1f9cc347d398a2d1a90af53c80-52e8e13b899ac23213cc13d3335893eb7bae2f43&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-09-05 14:42:20&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2176017839-3122028425-736170288-1001 -> {B0C53CE2-C6CB-4422-B1DF-7B5E07C0583D} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcm&utm_campaign=install_ie&utm_content=ds&from=pcm&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&ts=1423324085&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2176017839-3122028425-736170288-1001 -> {E6C1B02B-026C-46A7-BF29-152A4A1C60F8} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcm&utm_campaign=install_ie&utm_content=ds&from=pcm&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS&ts=1423324085&type=default&q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll [2012-02-27] (Trend Micro Inc.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll [2012-09-08] (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-14] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll [2012-02-27] (Trend Micro Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Sem Nome -> {71e129ff-6c2a-4984-818c-7e2c998b8d99} -> Nenhum Arquivo
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-22] (Oracle Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll [2016-04-12] (AVG)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: DealPly -> {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} -> C:\Program Files (x86)\DealPly\DealPlyIE.dll => Nenhum Arquivo
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll [2012-09-08] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-22] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2176017839-3122028425-736170288-1001 -> Sem Nome - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-2176017839-3122028425-736170288-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2176017839-3122028425-736170288-1001 -> Sem Nome - {D4027C7F-154A-4066-A1AD-4243D8127440} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-2176017839-3122028425-736170288-1001 -> Sem Nome - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Nenhum Arquivo
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll [2012-09-08] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll [2012-09-08] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll [2012-02-27] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll [2012-02-27] (Trend Micro Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2012-10-27] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2012-10-27] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2012-10-27] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2012-10-27] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423323992&from=pcm&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS

FireFox:
========
FF ProfilePath: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: delta-homes
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: delta-homes
FF Homepage: hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=pt-br
hxxps://mysearch.avg.com/?cid={0E7FF1AE-B841-43D2-BAAF-FD0FA0E1DA8B}&mid=e01b4e1f9cc347d398a2d1a90af53c80-52e8e13b899ac23213cc13d3335893eb7bae2f43&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915wt&pr=fr&d=2015-09-05 14:42:20&v=4.1.6.294&pid=wtu&sg=&sap=hp
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-09] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-04-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [Nenhum Arquivo]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2176017839-3122028425-736170288-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Rafael\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2176017839-3122028425-736170288-1001: gastecnologia.com.br/sf/abn -> C:\Users\Rafael\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-01-27] (GAS Tecnologia)
FF user.js: detected! => C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\user.js [2015-06-18]
FF SearchPlugin: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\searchplugins\avg-secure-search.xml [2016-04-12]
FF SearchPlugin: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\searchplugins\Baixaki.xml [2013-12-30]
FF SearchPlugin: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\searchplugins\bing-.xml [2015-11-22]
FF SearchPlugin: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\searchplugins\bingp.xml [2014-03-09]
FF SearchPlugin: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\searchplugins\delta-homes.xml [2016-04-09]
FF SearchPlugin: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\searchplugins\metaCrawler.xml [2013-12-04]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-08-21]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-04-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-04-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-04-12]
FF Extension: Default NewTab - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\extensions\default_newtabff@gmail.com [2015-11-17] [não assinado]
FF Extension: HQ-Video-Pro-1.5c - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\extensions\BUEOFMG63663698@KOF20424187.com [2016-01-17] [não assinado]
FF Extension: YahooToolsProtected - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\extensions\yahooprotected@gmail.com.xpi [2016-01-17] [não assinado]
FF Extension: AVG Web TuneUp - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\Extensions\avg@toolbar.xpi [2016-04-12]
FF Extension: Bing Search - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-11-22]
FF Extension: FF Toolbar - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\Extensions\fftoolbar2014@etech.com [2015-06-01] [não assinado]
FF Extension: Settings Manager - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\Extensions\{19fd2a37-832b-491c-8278-c8c408359c20}.xpi [2014-11-25] [não assinado]
FF Extension: SaveSense - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\Extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23} [2014-03-11] [não assinado]
FF Extension: Search Manager for Mozilla Firefox ™ - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\Extensions\{5ccf2762-2b66-4dd5-9997-1103d12d3125}.xpi [2014-12-23] [não assinado]
FF Extension: SaveSense - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\Extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36} [2014-01-01] [não assinado]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2016-02-20] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\extensions\faststartff@gmail.com => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\extensions\quick_searchff@gmail.com => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\7psas2yh.default\extensions\sweetsearch@gmail.com => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2016-02-20] [não assinado]
FF HKU\S-1-5-21-2176017839-3122028425-736170288-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\Rafael\AppData\Local\GAS Tecnologia\GBBD\abn\xpi
FF Extension: GBBD Banco Santander (Brasil) S.A. - C:\Users\Rafael\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2015-04-16] [não assinado]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.delta-homes.com/?type=sc&ts=1434458572&z=92013894be74101437a4fafgczbc1z7z5wfb0w5mac&from=ient06162&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS

Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://www.delta-homes.com/?type=hp&ts=1434458572&z=92013894be74101437a4fafgczbc1z7z5wfb0w5mac&from=ient06162&uid=TOSHIBAXMQ01ABD075_Y1T4F32LSXXY1T4F32LS"
CHR Profile: C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface [2015-01-05]
CHR Extension: (Google Docs) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Adblock Plus) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-14]
CHR Extension: (AVG Secure Search) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-02-19]
CHR Extension: (Google Search) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (HQ-Video-Pro-1.5) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\egihcegngbfhhhnfjfamognnonckdklg [2015-05-08]
CHR Extension: (Documentos Google off-line) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf [2015-04-17]
CHR Extension: (SaveSense) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk [2014-03-11]
CHR Extension: (Skype) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-05]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKU\S-1-5-21-2176017839-3122028425-736170288-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [abmojiekfpcmkkfamgfcpgfgipocface] - C:\Users\Rafael\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx [2014-01-19]
CHR HKU\S-1-5-21-2176017839-3122028425-736170288-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2176017839-3122028425-736170288-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2176017839-3122028425-736170288-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3934184 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-03-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [941680 2015-10-27] (ClaraLabs)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [Arquivo não assinado]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [Arquivo não assinado]
R2 vToolbarUpdater40.2.4; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe [1923984 2015-12-24] (AVG Secure Search)
R2 vToolbarUpdater40.2.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-12] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1223752 2016-04-12] ()
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /svc [X]
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378288 2016-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [269232 2016-03-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [52032 2014-01-21] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [34624 2014-01-21] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [128992 2014-01-21] (Baidu, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [107048 2012-09-24] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [173504 2012-09-24] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2012-09-24] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2013-02-23] (Trend Micro Inc.)
R0 tpsacpi; C:\Windows\System32\DRIVERS\tpsacpi.SYS [12224 2010-06-10] ()
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-04-14 17:28 - 2016-04-14 17:29 - 00039498 _____ C:\Users\Rafael\Downloads\FRST.txt
2016-04-14 17:27 - 2016-04-14 17:28 - 02375168 _____ (Farbar) C:\Users\Rafael\Downloads\FRST64 (1).exe
2016-04-14 17:03 - 2016-04-14 17:28 - 00000000 ____D C:\FRST
2016-04-14 17:02 - 2016-04-14 17:03 - 02375168 _____ (Farbar) C:\Users\Rafael\Downloads\FRST64.exe
2016-04-14 16:56 - 2016-04-14 16:56 - 00002244 _____ C:\Users\Public\Desktop\WinDS PRO Apps.lnk
2016-04-14 16:55 - 2016-04-14 16:59 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO Apps
2016-04-14 16:41 - 2016-04-14 16:41 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-04-14 16:40 - 2016-04-14 16:40 - 00002161 _____ C:\Users\Public\Desktop\WinDS PRO.lnk
2016-04-14 09:18 - 2016-04-14 09:53 - 185594236 _____ C:\Users\Rafael\Downloads\WinDS_PRO_Apps_2015.12.16.zip
2016-04-14 09:18 - 2016-04-14 09:32 - 43698377 _____ C:\Users\Rafael\Downloads\WinDS PRO 2016.04.08.zip
2016-04-14 09:02 - 2016-04-14 09:02 - 00000000 ____D C:\Users\Rafael\Desktop\citra-latest-windows-amd64
2016-04-14 09:00 - 2016-04-14 09:02 - 00000000 ____D C:\Users\Rafael\Desktop\Pokemon X (E)
2016-04-14 08:59 - 2016-04-14 08:59 - 00000000 ____D C:\Users\Rafael\AppData\Local\{E04835EE-7887-42B8-B85E-044971DA94A4}
2016-04-13 17:09 - 2016-04-13 17:09 - 1838597484 _____ C:\Users\Rafael\Downloads\Pokemon X (E).zip
2016-04-13 12:42 - 2016-04-13 12:43 - 01010284 _____ ( ) C:\Users\Rafael\Downloads\Pokemon X (E).exe
2016-04-13 12:26 - 2016-04-13 12:29 - 11511109 _____ C:\Users\Rafael\Downloads\citra-latest-windows-amd64.7z
2016-04-13 10:57 - 2016-04-13 10:57 - 00002229 _____ C:\Users\Public\Desktop\Receitanet 1.07 .lnk
2016-04-13 10:57 - 2016-04-13 10:57 - 00000176 _____ C:\Windows\REC-NET.INI
2016-04-13 10:57 - 2016-04-13 10:57 - 00000000 ____D C:\Program Files (x86)\Programas RFB
2016-04-13 10:56 - 2016-04-13 10:56 - 00001732 _____ C:\Users\Rafael\Desktop\IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
2016-04-13 10:56 - 2016-04-13 10:56 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2016
2016-04-13 10:41 - 2016-04-13 10:44 - 06191735 _____ (Serpro - Serviço Federal de Processamento de Dados) C:\Users\Rafael\Downloads\Receitanet-1.07 (1).exe
2016-04-13 10:39 - 2016-04-13 10:46 - 25941472 _____ (Receita Federal do Brasil) C:\Users\Rafael\Downloads\IRPF2016Win32v1.2.exe
2016-04-13 10:36 - 2016-04-13 10:36 - 00029376 _____ C:\Users\Rafael\Documents\40175326835-IRPF-2015-2014-origi-imagem-recibo.pdf
2016-04-13 10:35 - 2016-04-13 10:35 - 00004037 _____ C:\Users\Rafael\Documents\40175326835-IRPF-A-2015-2014-ORIGI.DEC
2016-04-13 10:35 - 2016-04-13 10:35 - 00000261 _____ C:\Users\Rafael\Documents\40175326835-IRPF-A-2015-2014-ORIGI.REC
2016-04-13 10:29 - 2016-04-13 10:30 - 00000000 ____D C:\Users\Rafael\AppData\Local\{F7387A6A-837D-4884-8B4D-C5F111C89003}
2016-04-12 22:23 - 2016-04-12 22:23 - 00000000 ____D C:\Users\Rafael\AppData\Local\{94DE1DC8-F0F0-41D2-A5EC-104081B91831}
2016-04-11 10:42 - 2016-04-11 10:42 - 00000000 ____D C:\Users\Rafael\AppData\Local\{6DFBF74C-B89B-46F6-9EB5-9B8F87F7923A}
2016-04-10 21:31 - 2016-04-10 21:32 - 00000000 ____D C:\Users\Rafael\AppData\Local\{E8D06351-DDB3-4EA7-9435-545DBD121BD0}
2016-04-09 10:10 - 2016-04-09 10:11 - 00000000 ____D C:\Users\Rafael\AppData\Local\{CDED206F-43AA-4FB5-B7BE-1287F2CB8BDF}
2016-04-08 22:39 - 2016-04-08 23:02 - 70081957 _____ C:\Users\Rafael\Downloads\C20AE_www.baixarsomgospel.org.zip
2016-04-08 22:09 - 2016-04-08 22:09 - 00000000 ____D C:\Users\Rafael\AppData\Local\{91CE36A3-EB3B-44FD-BEC3-F82A7684A859}
2016-04-07 09:18 - 2016-04-07 09:18 - 00000000 ____D C:\Users\Rafael\AppData\Local\{57E3E17B-78D8-4352-8C33-31BAC68021B1}
2016-04-06 13:34 - 2016-04-06 13:34 - 00000000 ____D C:\Users\Rafael\AppData\Local\{E01316A9-E346-411C-BA17-AFE244B3FEF0}
2016-04-04 10:51 - 2016-04-04 10:51 - 00314796 _____ C:\Users\Rafael\Downloads\Parkinson.pptx
2016-04-04 10:50 - 2016-04-04 10:50 - 00176659 _____ C:\Users\Rafael\Downloads\Parkinson RM.pdf
2016-04-04 10:19 - 2016-04-04 10:19 - 00000000 ____D C:\Users\Rafael\AppData\Local\{7F53FEBF-7F95-4ACA-BD70-80C162424A8F}
2016-04-03 19:18 - 2016-04-03 19:18 - 00000000 ____D C:\Users\Rafael\AppData\Local\{B42AF86F-EDAA-4D2F-9051-A7CBCF032EE4}
2016-04-02 19:45 - 2016-04-02 19:46 - 00000000 ____D C:\Users\Rafael\AppData\Local\{F2C0B530-017C-45AA-BD84-61164ACA480C}
2016-04-01 11:13 - 2016-04-01 11:13 - 00000000 ____D C:\Users\Rafael\AppData\Local\{64F682B6-A152-4A00-937F-9AEF2B5B4D1F}
2016-04-01 00:51 - 2016-04-01 01:42 - 338838930 _____ C:\Users\Rafael\Downloads\Pk_Asc.rar
2016-03-31 22:54 - 2016-03-31 22:54 - 01302926 _____ C:\Users\Rafael\Downloads\documents-export-2016-03-31.zip
2016-03-31 20:56 - 2016-03-31 20:57 - 00000000 ____D C:\Users\Rafael\AppData\Local\{1F3A0FB9-BC22-4892-83B3-32FEA4D9431F}
2016-03-31 08:55 - 2016-03-31 08:56 - 00000000 ____D C:\Users\Rafael\AppData\Local\{5CD7D921-70C4-4F30-BF0F-6D59A07018E1}
2016-03-30 13:58 - 2016-03-30 13:59 - 00000000 ____D C:\Users\Rafael\AppData\Local\{EBE785C6-0F28-4CFB-AFA4-C4100728DA7B}
2016-03-28 10:43 - 2016-03-28 10:44 - 00000000 ____D C:\Users\Rafael\AppData\Local\{BA68EDDE-4D61-4EC0-A882-7816B2FA8908}
2016-03-27 21:49 - 2016-03-27 21:50 - 00000000 ____D C:\Users\Rafael\AppData\Local\{EBDDB10B-27B7-4E95-A54A-04202AF43B52}
2016-03-26 19:31 - 2016-03-26 19:31 - 00166528 _____ C:\Users\Rafael\Downloads\Constru�o da identidade, o processo educacional e a viol�ncia - uma vis�o psicanal�tica David Levisky_revisadoUnicamp.pdf
2016-03-26 19:31 - 2016-03-26 19:31 - 00078546 _____ C:\Users\Rafael\Downloads\03.pdf
2016-03-26 19:23 - 2016-03-26 19:23 - 00000000 ____D C:\Users\Rafael\AppData\Local\{7376873E-85E2-4692-9A93-CA4AD5AF3F1E}
2016-03-26 15:03 - 2016-03-26 15:03 - 00000000 ____D C:\Users\Rafael\AppData\Local\{FFD983B9-3912-45C1-8CBB-2067F445DE12}
2016-03-26 13:37 - 2016-03-26 13:38 - 00000000 ____D C:\Users\Rafael\Desktop\Caes
2016-03-26 13:08 - 2016-03-26 13:08 - 00000000 ____D C:\Users\Rafael\AppData\Local\{D486F829-D270-4400-B885-69B33AA3764E}
2016-03-25 10:55 - 2016-03-25 10:56 - 00000000 ____D C:\Users\Rafael\AppData\Local\{C9BE0D33-05B7-4A72-9205-AA2436311984}
2016-03-22 08:48 - 2016-03-22 08:49 - 00000000 ____D C:\Users\Rafael\AppData\Local\{069EBAE5-648B-45EF-A691-76D4CA79BC16}
2016-03-19 21:13 - 2016-03-19 23:07 - 00664064 _____ C:\Users\Rafael\Downloads\avaliação osteoarticular TC.Santa Casa.ppt
2016-03-19 21:09 - 2016-03-19 21:10 - 00000000 ____D C:\Users\Rafael\AppData\Local\{28BEC846-9CEF-43A4-9222-FDA09B3683D0}
2016-03-19 21:08 - 2016-03-19 21:08 - 00000000 ____D C:\Users\Rafael\Desktop\My Shared Folder
2016-03-18 22:23 - 2016-03-18 22:24 - 00000000 ____D C:\Users\Rafael\AppData\Local\{BA3621FE-6590-414E-AEBD-AD71427989C5}
2016-03-16 22:28 - 2016-03-16 22:28 - 00037627 _____ C:\Users\Rafael\Downloads\Fotos.zip
2016-03-16 19:40 - 2016-03-16 19:41 - 00000000 ____D C:\Users\Rafael\AppData\Local\{6FA0FFFA-2DC9-41D8-915A-6F008823AF59}
2016-03-16 05:44 - 2016-03-16 05:44 - 00000000 ____D C:\Users\Rafael\AppData\Local\{1234076C-72DF-40D0-A2ED-D72A8396283C}
2016-03-15 23:39 - 2016-03-15 23:39 - 00014848 _____ C:\Users\Rafael\Desktop\Segurança no processo.ppt
2016-03-15 13:23 - 2016-03-15 13:23 - 00000000 ____D C:\Users\Rafael\AppData\Local\{432048A2-F8CB-4265-88E3-C82DCF534601}
2016-03-14 09:34 - 2016-03-14 09:34 - 00000000 ____D C:\Users\Rafael\AppData\Local\{58822B4E-05B8-4FA4-BB40-2E71B5410A72}
2016-03-11 20:57 - 2016-02-29 00:26 - 15862459 ____N C:\Users\Rafael\Desktop\IMG_1628.mp4
2016-03-11 20:50 - 2016-03-11 20:50 - 00000000 ____D C:\Users\Rafael\AppData\Local\{499FC153-2F42-4AD5-BEFB-46FFA6C52480}
2016-03-10 19:01 - 2016-03-10 19:02 - 00000000 ____D C:\Users\Rafael\AppData\Local\{D24E0151-7A47-45EE-AD56-0D507A50731D}
2016-03-07 11:18 - 2016-03-07 11:19 - 00000000 ____D C:\Users\Rafael\AppData\Local\{FA4C5EE3-1D7B-4D1D-96B2-6E8C702C8A82}
2016-03-06 20:57 - 2016-03-06 20:57 - 00489146 _____ C:\Users\Rafael\Desktop\Letter aprovation.pdf
2016-03-06 20:56 - 2016-03-06 20:56 - 00489146 _____ C:\Users\Rafael\Downloads\IMM5740_1-8FWOK7F.pdf
2016-03-06 16:05 - 2016-03-06 16:05 - 00000000 ____D C:\Users\Rafael\AppData\Local\{8863AE3A-76F2-475A-9DD6-B2359D1F0B7E}
2016-03-02 10:21 - 2016-03-02 10:21 - 00269232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2016-02-29 13:26 - 2016-02-29 13:26 - 00093313 _____ C:\Users\Rafael\Downloads\FCMSCSP-Boleto-Itau.PDF
2016-02-29 13:23 - 2016-02-29 13:23 - 00000000 ____D C:\Users\Rafael\AppData\Local\{CD901CB9-09F7-4825-B662-18229E87C16F}
2016-02-27 16:45 - 2016-02-27 16:45 - 00000000 ____D C:\Users\Rafael\AppData\Local\{C960A496-913B-4131-9E5F-FEB022EB5AAB}
2016-02-24 14:05 - 2016-02-24 14:06 - 00000000 ____D C:\Users\Rafael\AppData\Local\{0C4FBB95-7F0F-47D6-8597-50BC82D2895E}
2016-02-22 11:41 - 2016-02-22 11:42 - 00000000 ____D C:\Users\Rafael\AppData\Local\{205F3D4E-B0A4-4737-97F6-65C2CE79201D}
2016-02-20 13:25 - 2016-02-20 13:26 - 00000000 ____D C:\Users\Rafael\AppData\Local\{F66C4ACF-6C07-4CB6-B9DA-AE9AEB394AE1}
2016-02-19 22:07 - 2016-02-19 22:07 - 00000662 _____ C:\Users\Rafael\Downloads\dados.xls
2016-02-19 09:50 - 2016-04-12 22:52 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 09:43 - 2016-04-14 17:08 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d16b131d588245.job
2016-02-19 09:43 - 2016-04-14 16:48 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d16b131f589f85.job
2016-02-19 09:43 - 2016-02-19 09:43 - 00004064 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d16b131f589f85
2016-02-19 09:43 - 2016-02-19 09:43 - 00003812 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d16b131d588245
2016-02-19 09:42 - 2016-02-19 09:43 - 00000000 ____D C:\Users\Rafael\AppData\Local\Deployment
2016-02-19 09:42 - 2016-02-19 09:42 - 00000000 ____D C:\Users\Rafael\AppData\Local\Apps\2.0
2016-02-19 09:22 - 2016-02-19 09:23 - 00000000 ____D C:\Users\Rafael\AppData\Local\{1CAA10A6-7D7F-4945-94F8-CC453C84CD24}
2016-02-18 15:30 - 2016-02-18 15:31 - 00000000 ____D C:\Users\Rafael\AppData\Local\{117D5884-8F96-438A-BC8A-A60B707919BF}
2016-02-17 09:48 - 2016-02-17 09:50 - 00000000 ____D C:\Users\Rafael\AppData\Local\{F2937C71-21BE-407F-B508-814A8383C995}
2016-02-17 09:27 - 2016-02-17 09:27 - 00000000 ____D C:\Users\TEMP.Rafael-WIN.006
2016-02-17 09:27 - 2013-05-09 22:03 - 00000000 ____D C:\Users\TEMP.Rafael-WIN.006\AppData\Roaming\TuneUp Software
2016-02-17 09:27 - 2009-07-14 15:11 - 00000000 ____D C:\Users\TEMP.Rafael-WIN.006\AppData\Roaming\Media Center Programs
2016-02-14 21:48 - 2016-02-14 22:08 - 00000000 ____D C:\Users\Rafael\Desktop\trabalho
2016-02-14 21:17 - 2016-02-14 21:19 - 03947526 _____ C:\Users\Rafael\Downloads\RM 2ª Versão para impressão.pdf
2016-02-14 21:12 - 2016-02-14 21:13 - 00000000 ____D C:\Users\Rafael\AppData\Local\{B94E2618-66D9-4497-9229-F0E270BB7EC3}
2016-02-12 21:47 - 2016-02-12 21:49 - 00000000 ____D C:\Users\Rafael\Desktop\Acamp. lideres
2016-02-12 19:45 - 2016-02-12 19:45 - 00117248 _____ C:\Users\Rafael\Desktop\Quebrantado1.pps
2016-02-12 19:43 - 2016-02-12 19:44 - 00117248 _____ C:\Users\Rafael\Desktop\Quebrantado1.ppt
2016-02-12 16:46 - 2016-02-14 21:31 - 00025088 ____H C:\Users\Rafael\Documents\~WRL1085.tmp
2016-02-12 16:46 - 2016-02-12 16:46 - 00024064 ____H C:\Users\Rafael\Documents\~WRL0003.tmp
2016-02-12 16:34 - 2016-02-12 16:34 - 00184963 _____ C:\Users\Rafael\Downloads\colangiorressonância (1).pdf
2016-02-12 16:31 - 2016-02-12 16:31 - 00184963 _____ C:\Users\Rafael\Downloads\colangiorressonância.pdf
2016-02-12 12:21 - 2016-02-12 12:22 - 00000000 ____D C:\Users\Rafael\AppData\Local\{64D8E3E9-FBC0-454E-BD45-118A0B8CC3A0}
2016-02-10 11:16 - 2016-02-10 11:17 - 00000000 ____D C:\Users\Rafael\AppData\Local\{7273E1B5-9786-40CF-8543-F37E79546B55}
2016-02-09 20:06 - 2016-02-09 20:09 - 14348892 _____ C:\Users\Rafael\Downloads\DOC PESSOAIS DE HORING.pdf
2016-02-09 18:13 - 2016-02-09 18:14 - 00000000 ____D C:\Users\Rafael\AppData\Local\{4B73791E-0BCD-4FFD-AA7C-9CCB0FC90597}
2016-02-07 20:25 - 2016-02-07 20:30 - 00000000 ____D C:\Users\Rafael\Desktop\Disney
2016-02-06 22:53 - 2016-02-07 12:01 - 00000000 ____D C:\Users\Rafael\AppData\Local\{819C064B-EAC6-48D9-8DD9-6055670BAE0F}
2016-02-05 11:52 - 2016-02-05 11:52 - 00104341 _____ C:\Users\Rafael\Documents\SisFIES - Sistema de Financiamento ao Estudante.pdf
2016-02-05 10:32 - 2016-02-05 10:32 - 00000000 ____D C:\Users\Rafael\AppData\Local\{B1737986-84A7-451A-896F-03ABC5E48A5C}
2016-02-05 10:05 - 2016-02-05 10:04 - 00457663 _____ C:\Users\Rafael\Desktop\Scanner_2_2015-08-07-144151.pdf
2016-02-05 10:03 - 2016-02-05 10:04 - 00457663 _____ C:\Users\Rafael\Downloads\Scanner_2_2015-08-07-144151.pdf
2016-02-04 22:31 - 2016-02-04 22:31 - 00000000 ____D C:\Users\Rafael\AppData\Local\{481A5AD4-3655-4F69-B650-0DC3C8583352}
2016-02-04 08:51 - 2016-02-04 08:52 - 00000000 ____D C:\Users\Rafael\AppData\Local\{EB637E36-477B-44FB-AC93-F397A82D6291}
2016-02-03 11:53 - 2016-02-03 11:53 - 00378288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2016-02-03 09:34 - 2016-02-03 09:35 - 00000000 ____D C:\Users\Rafael\AppData\Local\{07300FCB-FE90-40D8-B7BF-5E875CE23EC2}
2016-02-02 17:18 - 2016-02-02 17:20 - 00000066 _____ C:\Users\Todos os Usuários\merlin.ini
2016-02-02 17:17 - 2016-02-02 17:17 - 00000000 ____D C:\Windows\MSAgent64
2016-02-02 17:17 - 2016-02-02 17:17 - 00000000 ____D C:\Windows\MSAgent
2016-02-02 17:15 - 2016-02-02 17:15 - 00798742 _____ (Authorsoft Corporation ) C:\Users\Rafael\Downloads\CuteTranslator.exe
2016-02-02 17:13 - 2016-02-17 10:45 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator3
2016-02-02 17:13 - 2016-02-17 10:45 - 00000000 ____D C:\Program Files (x86)\FreeLanguageTranslator 3.6
2016-02-02 17:13 - 2016-02-02 17:13 - 00003067 _____ C:\Users\Rafael\Desktop\FreeTranslator.lnk
2016-02-02 17:13 - 2016-02-02 17:13 - 00003021 _____ C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Free Language Translator.lnk
2016-02-02 17:02 - 2016-02-02 17:03 - 02439812 _____ C:\Users\Rafael\Downloads\FreeTranslatorSetup.zip
2016-02-02 16:54 - 2016-02-02 17:01 - 00000000 ____D C:\Users\Rafael\Documents\Multilizer
2016-02-02 16:54 - 2016-02-02 16:58 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\multilizer
2016-02-02 16:54 - 2016-02-02 16:55 - 00000000 ____D C:\Users\Todos os Usuários\multilizer
2016-02-02 16:38 - 2016-02-02 16:39 - 00000000 ____D C:\Users\Rafael\AppData\Local\{3E905CDF-656A-400A-A332-D2B6E5F1F3D2}
2016-02-01 18:32 - 2016-02-01 18:33 - 00000000 ____D C:\Users\Rafael\AppData\Local\{8D7ABFFC-2DB3-46E9-BD04-18A599A9EB47}
2016-01-29 15:59 - 2016-01-29 16:00 - 00000000 ____D C:\Users\Rafael\AppData\Local\{B09E0919-2F38-4641-9F31-C1CC940B97B6}
2016-01-28 15:20 - 2016-01-28 15:21 - 00000000 ____D C:\Users\Rafael\AppData\Local\{15F7C9D0-970C-415A-9120-CFD401566840}
2016-01-26 11:04 - 2016-01-26 11:04 - 00315312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2016-01-26 11:04 - 2016-01-26 11:04 - 00272304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2016-01-26 08:02 - 2016-01-26 08:03 - 00000000 ____D C:\Users\Rafael\AppData\Local\{1D93677B-026A-451D-B95C-67A4A102A6CD}
2016-01-24 20:12 - 2016-01-24 20:12 - 00000000 ____D C:\Users\Rafael\AppData\Local\{E8FCEE9C-E797-4ED0-B461-D538B7EA9E14}
2016-01-23 19:31 - 2016-01-23 19:32 - 00000000 ____D C:\Users\Rafael\AppData\Local\{F2366645-49B0-455B-AA66-163F0D02E655}
2016-01-22 14:12 - 2016-01-22 14:13 - 00000000 ____D C:\Users\Rafael\AppData\Local\{ABD0934E-5EFE-4D65-9550-451A1DDA269A}
2016-01-19 07:43 - 2016-01-19 23:07 - 00000000 ____D C:\Users\Rafael\AppData\Local\{8AAAA29C-2B91-4075-A45C-D06E808796FF}
2016-01-18 21:56 - 2016-01-18 21:56 - 00349186 _____ C:\Users\Rafael\Downloads\Foto_comprovante_.zip
2016-01-17 18:56 - 2016-01-17 18:57 - 00000000 ____D C:\Users\Rafael\AppData\Local\{751705CC-1C41-4B8A-B678-C3FABF50064B}
2016-01-15 10:14 - 2016-03-26 13:15 - 00000000 ____D C:\Users\Rafael\Downloads\diagnostico
2016-01-15 10:08 - 2016-01-15 10:08 - 00041319 _____ C:\Users\Rafael\Downloads\Losurdo-2014-Developmental_Medicine_&_Child_Neurology.pdf
2016-01-15 09:51 - 2016-01-15 09:52 - 00000000 ____D C:\Users\Rafael\AppData\Local\{B3BE21FD-77CF-461D-8602-FB535B8288BF}

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-04-14 17:28 - 2014-02-17 14:28 - 00000296 _____ C:\Windows\Tasks\SaveSense.job
2016-04-14 17:15 - 2009-07-14 01:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-14 17:15 - 2009-07-14 01:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-14 17:08 - 2013-11-26 13:53 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Skype
2016-04-14 17:08 - 2013-11-15 16:19 - 00000000 ____D C:\Users\Rafael\Tracing
2016-04-14 17:07 - 2015-05-31 20:53 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-04-14 17:07 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-14 17:05 - 2013-02-03 11:17 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-14 16:59 - 2013-01-24 14:40 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2016-04-14 16:42 - 2013-01-24 14:41 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-04-14 16:42 - 2013-01-24 14:41 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-04-14 15:55 - 2013-06-11 21:22 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2176017839-3122028425-736170288-1001UA.job
2016-04-14 15:55 - 2009-07-14 00:20 - 00000000 _RSHD C:\Windows\tracing
2016-04-14 09:01 - 2013-04-21 17:19 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2016-04-13 10:56 - 2013-04-14 17:15 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2016-04-13 10:56 - 2013-04-14 17:15 - 00000000 ____D C:\Arquivos de Programas RFB
2016-04-12 22:32 - 2015-09-05 14:42 - 00000000 ____D C:\Users\Todos os Usuários\AVG Web TuneUp
2016-04-12 22:32 - 2015-09-05 14:42 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-04-10 21:37 - 2013-06-11 21:22 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2176017839-3122028425-736170288-1001Core.job
2016-04-09 10:09 - 2013-02-03 11:17 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-09 10:08 - 2013-02-03 11:17 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-09 10:08 - 2013-02-03 11:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 22:22 - 2015-12-24 13:38 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-04-06 16:11 - 2015-05-08 13:26 - 00000000 ____D C:\Users\Todos os Usuários\CanonIJPLM
2016-04-04 15:12 - 2013-02-20 23:44 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\SoftGrid Client
2016-04-01 00:01 - 2015-10-06 21:05 - 00000000 ____D C:\Users\Rafael\Desktop\Outlook.com (3)
2016-03-22 09:05 - 2013-11-26 14:32 - 00000000 ____D C:\Users\Rafael\AppData\Local\CrashDumps
2016-03-22 09:04 - 2015-02-13 16:22 - 00027648 _____ C:\Users\Rafael\Desktop\Pasta1.xls
2016-03-22 09:01 - 2009-07-14 14:55 - 00675660 _____ C:\Windows\system32\prfh0416.dat
2016-03-22 09:01 - 2009-07-14 14:55 - 00132032 _____ C:\Windows\system32\prfc0416.dat
2016-03-22 09:01 - 2009-07-14 02:13 - 01549570 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-22 09:01 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf

==================== Arquivos na raiz de alguns diretórios =======

2013-06-26 20:34 - 2014-06-23 09:24 - 0003731 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-01-19 17:13 - 2014-01-19 17:13 - 0019929 _____ () C:\Users\Rafael\AppData\Roaming\unins000.dat
2014-01-19 17:13 - 2014-01-19 17:12 - 0720594 _____ () C:\Users\Rafael\AppData\Roaming\unins000.exe
2014-01-01 19:02 - 2015-05-14 15:39 - 0000143 _____ () C:\Users\Rafael\AppData\Roaming\WB.CFG
2014-01-15 02:15 - 2014-01-15 02:15 - 0167784 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll
2016-02-02 17:18 - 2016-02-02 17:20 - 0000066 _____ () C:\ProgramData\merlin.ini
2016-02-02 17:18 - 2016-02-02 17:18 - 0000006 _____ () C:\ProgramData\merlin.log

Arquivos para serem movidos ou deletados:
====================
C:\Users\Todos os Usuários\FileSplitUpLoad.dll


Alguns arquivos em TEMP:
====================
C:\Users\Rafael\AppData\Local\Temp\.gbas.dll
C:\Users\Rafael\AppData\Local\Temp\APNStub.exe
C:\Users\Rafael\AppData\Local\Temp\avguirn_081204648705.exe
C:\Users\Rafael\AppData\Local\Temp\avguirn_08713973565.exe
C:\Users\Rafael\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Rafael\AppData\Local\Temp\BingSvc.exe
C:\Users\Rafael\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Rafael\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Rafael\AppData\Local\Temp\cdo1326958907.dll
C:\Users\Rafael\AppData\Local\Temp\cdo1624290510.dll
C:\Users\Rafael\AppData\Local\Temp\cdo1741794611.dll
C:\Users\Rafael\AppData\Local\Temp\cdo2857790171.dll
C:\Users\Rafael\AppData\Local\Temp\cdo910299619.dll
C:\Users\Rafael\AppData\Local\Temp\djhpasic.dll
C:\Users\Rafael\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Rafael\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Rafael\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Rafael\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Rafael\AppData\Local\Temp\MSN229F.exe
C:\Users\Rafael\AppData\Local\Temp\oi_{486DBB93-CA91-4C57-8201-E2B87E16A18F}.exe
C:\Users\Rafael\AppData\Local\Temp\oi_{93C821CB-7FA6-4587-881A-428713711C17}.exe
C:\Users\Rafael\AppData\Local\Temp\oltipp3c.dll
C:\Users\Rafael\AppData\Local\Temp\spidentifierimpl.exe
C:\Users\Rafael\AppData\Local\Temp\ug3dmlnm.dll
C:\Users\Rafael\AppData\Local\Temp\unins000.exe
C:\Users\Rafael\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_28746.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-04-08 22:57

==================== Fim de FRST.txt ============================
